How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")
rob at invaluement.com
Fri Oct 2 03:58:12 UTC 2015
On 10/1/2015 11:44 PM, Mark Andrews wrote:
> IPv6 really isn't much different to IPv4. You use sites /48's
> rather than addresses /32's (which are effectively sites). ISP's
> still need to justify their address space allocations to RIR's so
> their isn't infinite numbers of sites that a spammer can get.
A /48 can be subdivided into 65K subnets. That is 65 *THOUSAND*... not
the 256 IPs that one gets with an IPv4 /24 block. So if a somewhat legit
hoster assigns various /64s to DIFFERENT customers of theirs... that is
a lot of collateral damage that would be caused by listing at the /48
level, should just one customer be a bad-apple spammer, or just one
legit customer have a compromised system one day.
Conversely, if a more blackhat ESP did this, but it was unclear that
this was a blackhat sender until much later.. then LOTS of spam would
get a "free pass" as individual /64s were blacklisted AFTER-THE-FACT,
with the spammy ESP still having LOTS of /64s to spare.. remember, they
started with 65 THOUSAND /64 blocks for that one /48 allocation (Sure,
it would eventually become clear that the whole /48 should be blacklisted).
other gray-hat situations between these two extremes can be even more
frustrating because you then have the same "free passes" that the
blackhat ESP gets... but you can't list the whole /48 without too much
SUMMARY: So even if you moved into blocking at the /64 level, the
spammers have STILL gained an order of magnitudes advantage over the
IPv4 world.... any way you slice it. And blocking at the /48 level WOULD
cause too much collateral damage if don't indiscriminately.
And this is assuming that individual IPs are NEVER assigned individually
(or in smaller-than-/64-allocations) . (maybe that is a safe assumption?
I don't know? regardless, even if that were a safe assumption, the
spammers STILL have gained a massive advantage)
More information about the NANOG