IPv6 black lists?
john at sackheads.org
Tue Mar 9 21:52:51 CET 2010
On Mar 9, 2010, at 3:47 PM, Brian E Carpenter wrote:
> But is dnsbl a technique that should be encouraged for IPv6?
> It's already a blunt weapon for IPv4. As the virbl site notes,
> for IPv6 the only practical atom is a /64 and that is a *very*
> blunt weapon indeed. Its potential for false positives is
> extremely high.
I think that depends on the policies of the dnsbl maintainer and the dnsbl consumer.
I personally wouldn't want to trust anything that shared a layer2 network with a virus laden machine even if it wasn't the same machine... so blocking at /64 is fine by me. Others may disagree.
In the specific case of dnsbl's I do see /64 as an advantage - the false positives will be much lower than trying to block "same subnet" in IPv4.
> On 2010-03-10 02:46, Emanuele Balla wrote:
>> On 3/9/10 2:41 PM, Shane Kerr wrote:
>>> Does anybody know if there are IPv6 DNSBL available?
>> Mainly proofs of concept, since rbldnsd does not support ipv6 datasets yet.
More information about the ipv6-ops