On 9/16/12, John R. Levine <johnl@iecc.com> wrote:
> Large networks keep separate reputation for every address in the IPv4 address space based on the traffic they send. You can't do that in IPv6,
That's true, but not an intended system for identifying and reporting abuse, and the same idea occurs with IPv4 -- bots can just grab other IP addresses in the subnet, if there are not local protections in place to ensure a host cannot ARP an IP that is not assigned to it...

So keep track of reputation of legitimate hosts instead of "non-legitimate" hosts. Maintain negative reputation at a /64 or shorter prefix level, and favorable reputation at a /128 level. If you have abuse detected on a /64, then treat the entire /64 as having a damaged reputation, except for the /128s on the /64 that have a prior positive reputation.

The identical thing cannot be done with IPv6, but reputation systems are still possible.
> Regards,
> John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
> Please consider the environment before reading this e-mail. http://jl.ly

--
-JH
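The split scheme described in the reply above (negative reputation kept per /64 or shorter prefix, positive reputation kept per /128, with a damaged /64 overridden only for hosts that already had a good record) as an added worked example; this is not code from the thread or from any named reputation system. Assumptions made for illustration: the /64 boundary and the two thresholds are parameters, a monotonic event counter stands in for timestamps, and "prior positive reputation" is read as good history that began before the first abuse event on the prefix, so a bot that grabs a fresh address in an already-flagged /64 cannot earn its way out.

```python
import ipaddress
from dataclasses import dataclass
from itertools import count
from typing import Dict, Union

# Constructed example, not code from the mailing-list thread.
# Event counter used in place of wall-clock timestamps (assumption).
_clock = count(1)

AddrLike = Union[str, ipaddress.IPv6Address]


@dataclass
class _Rep:
    score: int = 0
    first_seen: int = 0   # event number at which this entry was created
    last_seen: int = 0


class IPv6Reputation:
    """Negative reputation per prefix (/64 or shorter), positive per /128."""

    def __init__(self, negative_prefixlen: int = 64,
                 abuse_threshold: int = 1, good_threshold: int = 3):
        # The reply keeps negative reputation at /64 or shorter, never longer,
        # because a bot can take any address inside the /64 it sits on.
        if not 0 < negative_prefixlen <= 64:
            raise ValueError("negative reputation must be kept at /64 or shorter")
        self.negative_prefixlen = negative_prefixlen
        self.abuse_threshold = abuse_threshold   # assumed values
        self.good_threshold = good_threshold
        self.negative: Dict[ipaddress.IPv6Network, _Rep] = {}
        self.positive: Dict[ipaddress.IPv6Address, _Rep] = {}

    def _prefix(self, addr: ipaddress.IPv6Address) -> ipaddress.IPv6Network:
        # Mask the host bits off so every address in the /64 maps to one key.
        return ipaddress.IPv6Network((addr, self.negative_prefixlen), strict=False)

    @staticmethod
    def _touch(table, key) -> _Rep:
        now = next(_clock)
        rep = table.get(key)
        if rep is None:
            rep = table[key] = _Rep(first_seen=now)
        rep.score += 1
        rep.last_seen = now
        return rep

    def record_abuse(self, addr: AddrLike) -> None:
        """Abuse damages the whole prefix, not just the offending /128."""
        self._touch(self.negative, self._prefix(ipaddress.IPv6Address(addr)))

    def record_good(self, addr: AddrLike) -> None:
        """Good behaviour is credited only to the exact /128 that earned it."""
        self._touch(self.positive, ipaddress.IPv6Address(addr))

    def verdict(self, addr: AddrLike) -> str:
        """Return 'good', 'bad' or 'unknown' for a single address."""
        a = ipaddress.IPv6Address(addr)
        neg = self.negative.get(self._prefix(a))
        pos = self.positive.get(a)
        host_good = pos is not None and pos.score >= self.good_threshold
        prefix_bad = neg is not None and neg.score >= self.abuse_threshold
        if not prefix_bad:
            return "good" if host_good else "unknown"
        # Damaged /64: only a /128 whose good history predates the abuse is spared.
        if host_good and pos.first_seen < neg.first_seen:
            return "good"
        return "bad"


if __name__ == "__main__":
    rep = IPv6Reputation()
    for _ in range(3):                      # constructed traffic history
        rep.record_good("2001:db8:1:2::10")  # long-standing legitimate host
    rep.record_abuse("2001:db8:1:2::beef")   # bot appears in the same /64
    for _ in range(3):
        rep.record_good("2001:db8:1:2::cafe")  # good traffic only after the abuse
    for host in ("2001:db8:1:2::10", "2001:db8:1:2::beef",
                 "2001:db8:1:2::cafe", "2001:db8:1:3::1"):
        print(host, rep.verdict(host))
```

The `first_seen < neg.first_seen` comparison is the part that makes the scheme hold up against the address-grabbing the reply mentions: a host that only starts looking good after its /64 was flagged is treated like the rest of the prefix, while the host that was already known good before the abuse keeps its standing.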