misunderstanding scale

Owen DeLong owen at delong.com
Wed Mar 26 05:31:25 UTC 2014


>> IPv6 adds an entirely new aspect to it.
> 
> Well, if you mean the entirely new aspect is a list of hex addresses instead of dotted decimal addresses I guess so.  I personally would rather have a list of actual end system addresses than a list of addresses that represent a mail server and several thousand other innocent devices behind a NAT.  Might be easier to tell the system owner which system is compromised than to call a large company and tell them one of their systems is compromised.  It would also be nice to be able to allow legitimate email to a business partner while blocking his compromised system only.  
> 

I thin the new dimension is that a spammer today who manages to snag a /8 has 16.7 million addresses to play with. Even if he forces you to add each and every one to your list, that’s a few megabytes for a VERY large IPv4 block.

OTOH, a spammer with a single /64, pretty much the absolute minimum IPv6 block, has more than 18 quintillion addresses and there’s not a computer on the planet with enough memory (or probably not even enough disk space) to store that block list.

Sometimes scale is everything. host-based reputation lists scale easily to 3.2 billion host addresses. IPv6, not so easily.

Owen




More information about the NANOG mailing list