On Mar 26, 2014, at 3:18 AM, Matthias Leisi <matthias@leisi.net> wrote:
On Wed, Mar 26, 2014 at 6:31 AM, Owen DeLong <owen@delong.com> wrote:
OTOH, a spammer with a single /64, pretty much the absolute minimum IPv6 block, has more than 18 quintillion addresses and there's not a computer on the planet with enough memory (or probably not even enough disk space) to store that block list.
It only takes a single entry if you do not store /128s but that /64. Yes, RBL lookups do not currently know how to handle this, but there are a couple of good proposals around on how to do it.
Then the spammers will grab /48s instead of /64s. Lather, rinse, repeat. Admittedly, /48s are only 65,536 RBL entries per, but I still think that address-based reputations are a losing battle in an IPv6 world unless we provide some way for providers to hint at block sizes. After all, if you start blocking a /64, what if it’s a /64 shared by thousands of hosting customers at one provider offering virtuals?
This would also reduce the risks from cache depletion attacks via DNSxL lookups to IPv4 levels.
Yes and no.
Sometimes scale is everything. host-based reputation lists scale easily to
3.2 billion host addresses. IPv6, not so easily.
As soon as we get away from host-centric-view to a network-block-view, things get pretty straightforward.
Except where they don’t. Owen