mysidia at gmail.com
Mon Sep 17 00:24:35 UTC 2012
On 9/16/12, John R. Levine <johnl at iecc.com> wrote:
> Large networks keep separate reputation for every address in the IPv4
> address space based on the traffic they send. You can't do that in IPv6,
That's true, but not an intended system for identifying and reporting
abuse, and the same idea occurs with IPv4 -- bots can just grab other IP
addresses in the subnet, if there are not local protections in place to
ensure a host cannot ARP an IP that is not assigned to it...
So keep track of reputation of legitimate hosts instead of
Maintain negative reputation at a /64 or shorter prefix level, and favorable
reputation at a /128 level.
If you have abuse detected on a /64, then treat the entire /64 as having
a damaged reputation, except for the /128s on the /64 that have a prior
The identical thing cannot be done with IPv6, but reputation systems
are still possible.
> John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for
> Please consider the environment before reading this e-mail. http://jl.ly
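
The split described in the message above (negative reputation per /64, favorable reputation per /128), as an added Python sketch that is not part of the original post or of any mail system's code. The class and method names, the integer timestamps and the rule that a /128 keeps good standing only if it earned it before the abuse on its /64 are assumptions made for illustration; the addresses are constructed from the 2001:db8::/32 documentation range.

```python
import ipaddress


class V6Reputation:
    """Negative reputation per /64 prefix, favorable reputation per /128."""

    def __init__(self, neg_prefixlen=64):
        self.neg_prefixlen = neg_prefixlen
        self.bad_prefixes = {}  # IPv6Network -> time abuse was first seen
        self.good_hosts = {}    # IPv6Address -> time good standing was earned

    def _prefix(self, ip):
        # Mask the address down to its covering /64 (or shorter) prefix.
        return ipaddress.IPv6Network((int(ip), self.neg_prefixlen), strict=False)

    def record_good(self, addr, ts):
        self.good_hosts.setdefault(ipaddress.IPv6Address(addr), ts)

    def record_abuse(self, addr, ts):
        ip = ipaddress.IPv6Address(addr)
        # Assumption: the offending /128 loses any favorable standing it had.
        self.good_hosts.pop(ip, None)
        self.bad_prefixes.setdefault(self._prefix(ip), ts)

    def verdict(self, addr):
        ip = ipaddress.IPv6Address(addr)
        earned = self.good_hosts.get(ip)
        damaged = self.bad_prefixes.get(self._prefix(ip))
        if damaged is None:
            return "good" if earned is not None else "neutral"
        # Assumption: only standing earned before the abuse exempts a /128,
        # so a bot hopping to a fresh address in the same /64 gains nothing.
        return "good" if earned is not None and earned < damaged else "bad"


def demo():
    rep = V6Reputation()
    rep.record_good("2001:db8:0:1::25", ts=100)    # long-lived mail server
    rep.record_abuse("2001:db8:0:1::bad", ts=200)  # abuse seen in the same /64
    rep.record_good("2001:db8:0:1::beef", ts=300)  # "good" only after the abuse
    probes = ["2001:db8:0:1::25", "2001:db8:0:1::bad", "2001:db8:0:1::beef",
              "2001:db8:0:1:aaaa:bbbb:cccc:dddd", "2001:db8:0:2::1"]
    return {p: rep.verdict(p) for p in probes}


if __name__ == "__main__":
    for address, result in demo().items():
        print(f"{address:40} {result}")
```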