On Mar 26, 2014, at 3:18 AM, Matthias Leisi <matth...@leisi.net> wrote:

> On Wed, Mar 26, 2014 at 6:31 AM, Owen DeLong <o...@delong.com> wrote:
>
>> OTOH, a spammer with a single /64, pretty much the absolute minimum IPv6
>> block, has more than 18 quintillion addresses and there's not a computer on
>> the planet with enough memory (or probably not even enough disk space) to
>> store that block list.
>
> It only takes a single entry if you do not store /128s but that /64. Yes,
> RBL lookups do not currently know how to handle this, but there are a
> couple of good proposals around on how to do it.

Then the spammers will grab /48s instead of /64s. Lather, rinse, repeat.

Admittedly, /48s are only 65,536 RBL entries per, but I still think that address-based reputations are a losing battle in an IPv6 world unless we provide some way for providers to hint at block sizes.

After all, if you start blocking a /64, what if it's a /64 shared by thousands of hosting customers at one provider offering virtuals?

> This would also reduce the risks from cache depletion attacks via DNSxL
> lookups to IPv4 levels.

Yes and no.

>> Sometimes scale is everything. Host-based reputation lists scale easily to
>> 3.2 billion host addresses. IPv6, not so easily.
>
> As soon as we get away from host-centric-view to a network-block-view,
> things get pretty straightforward.

Except where they don't.

Owen
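The "network-block view" argued over above, as an added illustration that is not part of the thread and not any real DNSxL implementation: a reputation store keyed by IPv6 prefix, where one /64 or /48 entry covers the whole block and a lookup walks from the most specific listed length to the least specific. The class and function names and the 2001:db8::/32 documentation prefixes are constructed for the example.

```python
# Added example: prefix-keyed reputation list instead of per-/128 entries.
import ipaddress


class PrefixReputation:
    """Block list keyed by network prefix; a single entry covers a whole block."""

    def __init__(self):
        # prefix length -> set of listed IPv6Network objects at that length
        self._by_len = {}

    def add(self, cidr):
        """List a block such as '2001:db8:1:2::/64' as exactly one entry."""
        net = ipaddress.IPv6Network(cidr, strict=False)
        self._by_len.setdefault(net.prefixlen, set()).add(net)

    def lookup(self, addr):
        """Return the most specific listed prefix containing addr, else None."""
        ip = ipaddress.IPv6Address(addr)
        # Try the longest listed prefix length first (e.g. /128, then /64, then /48).
        for plen in sorted(self._by_len, reverse=True):
            # Truncate the address to plen bits and check for an exact entry.
            candidate = ipaddress.IPv6Network((int(ip), plen), strict=False)
            if candidate in self._by_len[plen]:
                return candidate
        return None

    def entries(self):
        """Total number of stored entries, regardless of how many hosts they cover."""
        return sum(len(s) for s in self._by_len.values())


def subnets_in(parent, plen):
    """How many /plen blocks fit inside parent, e.g. /64s inside a /48 -> 65536."""
    p = ipaddress.IPv6Network(parent, strict=False)
    return 2 ** (plen - p.prefixlen)


if __name__ == "__main__":
    rep = PrefixReputation()
    rep.add("2001:db8:1:2::/64")      # one entry for 2**64 addresses
    rep.add("2001:db8:ffff::/48")     # one entry instead of 65,536 /64 entries
    print(rep.entries(), rep.lookup("2001:db8:1:2:dead:beef::1"))
    print(subnets_in("2001:db8:ffff::/48", 64))
```

A hit on the /64 also fires for every host in a shared /64, which is exactly the collateral-damage case Owen raises.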