On 08/03/11 13:38 -0800, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote: >http://www.theregister.co.uk/2011/03/08/ipv6_spam_filtering_headache/
Summary: >The migration towards IPv6, which has been made necessary by the expansion >of the internet, will make it harder to filter spam messages, service >providers warn. ... >While this expansion allows far more devices to have a unique internet >address, it creates a host of problems for security service providers, who >have long used databases of known bad IP addresses to maintain blacklists >of junk mail cesspools. Spam-filtering technology typically uses these >blacklists as one (key component) in a multi-stage junk mail filtering >process that also involves examining message contents. ... >"Cloudmark advocates that ISPs do not initially need to be able to receive >mail from IPv6 addresses (on inbound) except from their own customers >(known as outbound)," Paton explained. "This would ensure business >continuity for ISPs and provisioning of ADSL/Cable modems to continue. >This measure will also protect the IPv4 reputation system that is >currently in use and working well." The rather simple solution (if you're in to blacklists) is to treat comprised traffic as coming from a subnet (such as the containing /64 subnet), rather than an individual address. This is one of the reasons why I'm assigning v6 subnets in /48 blocks to customers rather than something shorter, regardless of the complexity of the customer's network. When it's all said and done, I expect many such blacklists to reject on the /48 boundary. -- Dan White _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
