owen at delong.com
Thu Mar 27 05:17:18 UTC 2014
On Mar 26, 2014, at 3:18 AM, Matthias Leisi <matthias at leisi.net> wrote:
> On Wed, Mar 26, 2014 at 6:31 AM, Owen DeLong <owen at delong.com> wrote:
>> OTOH, a spammer with a single /64, pretty much the absolute minimum IPv6
>> block, has more than 18 quintillion addresses and there's not a computer on
>> the planet with enough memory (or probably not even enough disk space) to
>> store that block list.
> It only takes a single entry if you do not store /128s but that /64. Yes,
> RBL lookups do not currently know how to handle this, but there are a
> couple of good proposals around on how to do it.
Then the spammers will grab /48s instead of /64s. Lather, rinse, repeat.
Admittedly, /48s are only 65,536 RBL entries per, but I still think that address-based
reputations are a losing battle in an IPv6 world unless we provide some way for providers
to hint at block sizes.
After all, if you start blocking a /64, what if it’s a /64 shared by thousands of hosting
customers at one provider offering virtuals?
> This would also reduce the risks from cache depletion attacks via DNSxL
> lookups to IPv4 levels.
Yes and no.
>> Sometimes scale is everything. Host-based reputation lists scale easily to
>> 3.2 billion host addresses. IPv6, not so easily.
> As soon as we get away from host-centric-view to a network-block-view,
> things get pretty straightforward.
Except where they don’t.
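As an added illustration that is not part of the thread, here is the block-based lookup the exchange above argues about, written in Python with the standard ipaddress module. The blocklist contents, the `bl.example` zone name and the prefix-truncated nibble query format are constructed assumptions for the example, not a description of any deployed DNSxL. It shows why a /64 entry costs one record while listing a /48 at /64 granularity costs 65,536, and why a longest-prefix match on a listed /64 necessarily catches every host that shares that /64.

```python
import ipaddress

# Constructed blocklist (example prefixes from the documentation range, not from
# the thread): entries are stored as network blocks, never as individual /128s.
BLOCKLIST = [
    ipaddress.ip_network("2001:db8:bad::/48"),   # a whole /48 is listed
    ipaddress.ip_network("2001:db8:1:2::/64"),   # a single /64 is listed
]


def aggregate(addresses, prefixlen=64):
    """Collapse individual host addresses into the /prefixlen blocks containing them.

    Any number of /128 observations inside one block becomes a single entry,
    which is the whole point of storing the /64 rather than the /128.
    """
    blocks = set()
    for a in addresses:
        blocks.add(ipaddress.ip_network(f"{a}/{prefixlen}", strict=False))
    return blocks


def lookup(addr, blocklist=BLOCKLIST):
    """Longest-prefix match: most specific listed block containing addr, or None.

    Note the collateral effect: every host inside a listed /64 matches, so a /64
    shared by thousands of hosting customers is blocked as a unit.
    """
    ip = ipaddress.ip_address(addr)
    matches = [n for n in blocklist if ip in n]
    return max(matches, key=lambda n: n.prefixlen) if matches else None


def entries_needed(listed_prefixlen, granularity=64):
    """Number of /granularity entries required to list one /listed_prefixlen block."""
    return 2 ** (granularity - listed_prefixlen)


def dnsxl_name(addr, prefixlen=64, zone="bl.example"):
    """Build a DNSxL query name for the first prefixlen bits of addr.

    Assumed convention for this example: the leading prefixlen/4 nibbles of the
    address, reversed and dot-separated (ip6.arpa style), under the list's zone.
    A lookup client that queries at /64 granularity sends one query per /64,
    not one per /128.
    """
    ip = ipaddress.ip_address(addr)
    nibbles = ip.exploded.replace(":", "")[: prefixlen // 4]
    return ".".join(reversed(nibbles)) + "." + zone


if __name__ == "__main__":
    hosts = ["2001:db8:1:2::1", "2001:db8:1:2::2", "2001:db8:1:2:ffff::9"]
    print(aggregate(hosts))                 # one /64 for three hosts
    print(entries_needed(48))               # 65536 /64 entries to cover a /48
    print(lookup("2001:db8:bad:7::1"))      # matches the listed /48
    print(lookup("2001:db8:1:3::1"))        # None: neighbouring /64 is not listed
    print(dnsxl_name("2001:db8:1:2::1"))
```

The aggregation step is where the trade-off the thread describes lives: choosing 64 as the granularity keeps the list small but makes every customer on a shared /64 indistinguishable, and choosing 128 makes the list unbounded. Without a provider-supplied hint about the real allocation size, the lookup side has no principled way to pick.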