On 2010/12/01 12:55 PM, David F. Skoll wrote:
Actually, since the smallest allocation unit is a /64, you could switch IP addresses once per nanosecond and not run out for almost 585 years. If you have a /48, you could last for about 38 million years. So at a minimum, an IPv6 DNSBL will have to list a /64, not individual IPv6 addresses. That's fine. Most botnet nodes are individual home PCs and they won't be able to pick an address outside their /64 allocation (assuming a competent ISP... a big assumption!)
For what it's worth, the recommended allocation to end users is a /56 to the home and a /48 to small businesses, though many are suggesting a /48 to everyone to keep routing simpler.
Also, DNSWLs will start becoming more important as we concentrate on listing known-good machines.
+1 blacklists simply won't be able to maintain unless they list the entire prefix, and even that won't last forever.
Rob McEwen wrote: If one or both of those were agreed upon up front--this would go a long way towards preventing the coming nightmare.
E-mail is already being sent on IPv6. Better hurry up on writing those RFCs!
-- /Jason
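
An added illustration of the listing granularity discussed in this thread (not code from any poster or from an existing DNSBL): it counts abuse reports per prefix and shows how the result changes between /128, /64 and /48 listing. The class name, the hit threshold and the sample addresses are assumptions made for the example.

```python
import ipaddress
from collections import Counter

# Constructed sample reports in the documentation prefix 2001:db8::/32 (not real data).
# First three: one sender rotating addresses inside a single /64.
# Last three: one sender with a /48 rotating across different /64s.
REPORTS = [
    "2001:db8:aaaa:1::1", "2001:db8:aaaa:1:5c3f::9", "2001:db8:aaaa:1:ffff:0:0:2",
    "2001:db8:bbbb:1::1", "2001:db8:bbbb:2::1", "2001:db8:bbbb:3::1",
]

def listing_key(addr, prefix_len=64):
    """Collapse an address to the prefix the list would store (host bits masked)."""
    return ipaddress.IPv6Network((addr, prefix_len), strict=False)

class PrefixBlocklist:
    """Hypothetical in-memory list keyed by prefix rather than by single address."""

    def __init__(self, prefix_len=64, threshold=3):
        self.prefix_len = prefix_len
        self.threshold = threshold      # assumed number of reports before listing
        self.hits = Counter()

    def report(self, addr):
        self.hits[listing_key(addr, self.prefix_len)] += 1

    def is_listed(self, addr):
        # Counter returns 0 for prefixes that were never reported.
        return self.hits[listing_key(addr, self.prefix_len)] >= self.threshold

def build(prefix_len, reports=REPORTS):
    bl = PrefixBlocklist(prefix_len)
    for addr in reports:
        bl.report(addr)
    return bl

if __name__ == "__main__":
    probes = ["2001:db8:aaaa:1::dead",   # new address, same /64 as first sender
              "2001:db8:bbbb:4::1"]      # new /64, same /48 as second sender
    for plen in (128, 64, 48):
        bl = build(plen)
        print(plen, [(p, bl.is_listed(p)) for p in probes])
```
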