misunderstanding scale, SMTP edition

Jack Bates jbates at brightok.net
Wed Mar 26 17:33:40 UTC 2014


On 3/26/2014 12:09 PM, John Levine wrote:
>> OTOH, a spammer with a single /64, pretty much the absolute minimum IPv6 block, has more than 18 quintillion addresses
>> and there�s not a computer on the planet with enough memory (or probably not even enough disk space) to store that
>> block list.
>>
>> Sometimes scale is everything. host-based reputation lists scale easily to 3.2 billion host addresses. IPv6, not so easily.
> Quite right.  If I were a spammer or an ESP who wanted to listwash, I
> could easily use a different IP addres for every single message I sent.
>
>

Which isn't too bad for the spam block lists, as they will usually 
escalate and block /64 and shorter anyways.

It will be problematic for handling something like CBL, though. DHCP 
shifted occasionally, but not as often as IPv6 privacy addresses can. 
The botnet world is where the problems will arise, and not just for 
spam. It becomes even more problematic, as you don't know if you have 
multiple bots in a /64 (individual handouts via DHCPv6) or a single bot 
shifting within a /64 assignment, or given some layouts, perhaps 
shifting within a /48 assignment.

Jack





More information about the NANOG mailing list