misunderstanding scale

Owen DeLong owen at delong.com
Thu Mar 27 05:17:18 UTC 2014


On Mar 26, 2014, at 3:18 AM, Matthias Leisi <matthias at leisi.net> wrote:

> On Wed, Mar 26, 2014 at 6:31 AM, Owen DeLong <owen at delong.com> wrote:
> 
> 
>> OTOH, a spammer with a single /64, pretty much the absolute minimum IPv6
>> block, has more than 18 quintillion addresses and there's not a computer on
>> the planet with enough memory (or probably not even enough disk space) to
>> store that block list.
>> 
> 
> It only takes a single entry if you do not store /128s but that /64. Yes,
> RBL lookups do not currently know how to handle this, but there are a
> couple of good proposals around on how to do it.

Then the spammers will grab /48s instead of /64s. Lather, rinse, repeat.

Admittedly, /48s are only 65,536 RBL entries per, but I still think that address-based
reputations are a losing battle in an IPv6 world unless we provide some way for providers
to hint at block sizes.

After all, if you start blocking a /64, what if it’s a /64 shared by thousands of hosting
customers at one provider offering virtuals?

> 
> This would also reduce the risks from cache depletion attacks via DNSxL
> lookups to IPv4 levels.

Yes and no.

> 
> Sometimes scale is everything. host-based reputation lists scale easily to
>> 3.2 billion host addresses. IPv6, not so easily.
>> 
> 
> As soon as we get away from host-centric-view to a network-block-view,
> things get pretty straightforward.

Except where they don’t.

Owen




More information about the NANOG mailing list