IPv6 black lists?

Mark Schouten marks at bit.nl
Tue Mar 9 23:41:11 CET 2010


On Wed, 2010-03-10 at 09:47 +1300, Brian E Carpenter wrote:
> But is dnsbl a technique that should be encouraged for IPv6?
> 
> It's already a blunt weapon for IPv4. As the virbl site notes,
> for IPv6 the only practical atom is a /64 and that is a *very*
> blunt weapon indeed. Its potential for false positives is
> extremely high.

That's not what we do. We list the /128 and if we find > 5 /128 in the
same /64, we block the /64. That way, the false positives are limited,
although not eliminated. But at least we can expect the admins' attention
on this subnet. :)


-- 
Mark Schouten, Unix/NOC-engineer
BIT BV      | info at bit.nl | +31 318 648688 | KvK: 09090351
MS8714-RIPE | B1FD 8E60 A184 F89A 450D  A128 049B 1B19 9AD6 17FF
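
The escalation rule described in the message above (list each /128, and block the whole /64 once more than 5 distinct /128s in it are listed), as an added example that is not part of the original post and not BIT's code. The class and method names are hypothetical, and the 2001:db8:: addresses are constructed samples from the documentation prefix.

```python
import ipaddress
from collections import defaultdict

THRESHOLD = 5  # from the post: more than 5 listed /128s in one /64 blocks the /64


class V6Blocklist:
    """Hypothetical per-host IPv6 blocklist with /64 escalation."""

    def __init__(self, threshold=THRESHOLD):
        self.threshold = threshold
        # /64 network -> set of distinct listed hosts (/128s) inside it
        self.hosts_by_net = defaultdict(set)

    @staticmethod
    def _parse(addr):
        ip = ipaddress.IPv6Address(addr)  # raises on IPv4 or malformed input
        # strict=False masks the host bits, giving the enclosing /64
        net = ipaddress.IPv6Network((ip, 64), strict=False)
        return ip, net

    def list_host(self, addr):
        """Record one offending address; returns the resulting verdict."""
        ip, net = self._parse(addr)
        # A set, so repeated reports of the same host never count twice
        self.hosts_by_net[net].add(ip)
        return self.verdict(addr)

    def verdict(self, addr):
        """Return the matching listing ('<net>/64' or '<ip>/128'), or None."""
        ip, net = self._parse(addr)
        hosts = self.hosts_by_net.get(net, ())
        if len(hosts) > self.threshold:
            return str(net)        # escalated: every address in the /64 matches
        if ip in hosts:
            return f"{ip}/128"     # only this exact host is listed
        return None                # neighbours in the same /64 stay unaffected


if __name__ == "__main__":
    bl = V6Blocklist()
    for i in range(1, 7):          # constructed sample: six hosts in one /64
        print(bl.list_host(f"2001:db8:0:1::{i:x}"))
    print(bl.verdict("2001:db8:0:1::beef"))  # unlisted neighbour, now blocked
```

Counting distinct hosts rather than reports matters here: a single address reported many times must not be enough to take out its neighbours' /64.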




More information about the ipv6-ops mailing list