IPv6 Ignorance

Jimmy Hess mysidia at gmail.com
Mon Sep 17 00:24:35 UTC 2012


On 9/16/12, John R. Levine <johnl at iecc.com> wrote:

> Large networks keep separate reputation for every address in the IPv4
> address space based on the traffic they send.  You can't do that in IPv6,

That's true, but not an intended system for identifying and reporting abuse,
and the same idea occurs with IPv4 -- bots can just grab other IP addresses
in the subnet, if there are not local protections in place to ensure a host
cannot ARP an IP that is not assigned to it...

So keep track of reputation of legitimate hosts instead of "non-legitimate"
hosts. Maintain negative reputation at a /64 or shorter prefix level, and
favorable reputation at a /128 level.

If you have abuse detected on a /64, then treat the entire /64 as having a
damaged reputation, except for the /128s on the /64 that have a prior
positive reputation.


The identical thing cannot be done with IPv6, but reputation systems are
still possible.


> Regards,
> John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for
> Dummies",
> Please consider the environment before reading this e-mail. http://jl.ly
--
-JH
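
The scheme described in the message above (negative reputation per /64 or shorter prefix, favorable reputation per /128), sketched as an added example that is not code from the original post or its author. The class and method names are hypothetical, the addresses are constructed from the 2001:db8::/32 documentation range, and two policy details are assumptions: a host that abuses loses its own positive standing, and no new positive reputation is granted inside a prefix that is already damaged.

```python
import ipaddress


class V6Reputation:
    """Negative reputation keyed by prefix, positive reputation keyed by /128."""

    def __init__(self, prefix_len=64):
        self.prefix_len = prefix_len   # 64, or a smaller number for a shorter prefix
        self.bad_prefixes = {}         # IPv6Network -> number of abuse reports
        self.good_hosts = set()        # IPv6Address values with prior good standing

    def _prefix(self, addr):
        a = ipaddress.IPv6Address(addr)
        # strict=False masks off the host bits, giving the covering prefix
        return ipaddress.IPv6Network((int(a), self.prefix_len), strict=False)

    def record_good(self, addr):
        """Credit a /128; refused once its prefix is damaged (assumption)."""
        a = ipaddress.IPv6Address(addr)
        if self._prefix(a) in self.bad_prefixes:
            return False               # only *prior* positive reputation counts
        self.good_hosts.add(a)
        return True

    def record_abuse(self, addr):
        """Damage the whole covering prefix, not just the reporting /128."""
        a = ipaddress.IPv6Address(addr)
        self.good_hosts.discard(a)     # assumption: the abuser loses its exemption
        net = self._prefix(a)
        self.bad_prefixes[net] = self.bad_prefixes.get(net, 0) + 1

    def verdict(self, addr):
        a = ipaddress.IPv6Address(addr)
        if a in self.good_hosts:
            return "accept"            # known-good /128 overrides the prefix
        if self._prefix(a) in self.bad_prefixes:
            return "reject"            # any other address in a damaged prefix
        return "neutral"


def demo():
    rep = V6Reputation()
    rep.record_good("2001:db8:0:1::25")       # constructed: long-standing mail host
    rep.record_abuse("2001:db8:0:1::bad:1")   # constructed: bot in the same /64
    probes = ["2001:db8:0:1::25", "2001:db8:0:1::bad:2", "2001:db8:0:2::1"]
    return [rep.verdict(p) for p in probes]


if __name__ == "__main__":
    print(demo())
```

Changing the source address inside the /64 does not reset the verdict, which is the property per-address tracking loses on IPv6.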


