IPv6 black lists?
Dave Taht
d at teklibre.org
Wed Mar 10 00:57:38 CET 2010
On 03/09/2010 04:41 PM, Mark Schouten wrote:
> On Wed, 2010-03-10 at 09:47 +1300, Brian E Carpenter wrote:
>
>> But is dnsbl a technique that should be encouraged for IPv6?
>>
>> It's already a blunt weapon for IPv4. As the virbl site notes,
>> for IPv6 the only practical atom is a /64 and that is a *very*
>> blunt weapon indeed. Its potential for false positives is
>> extremely high.
>>
> That's not what we do. We list the /128 and if we find > 5 /128 in the
> same /64, we block the /64. That way, the false positives are limited,
> although not eliminated. But at least we can expect the admins' attention
> on this subnet. :)
>
>
>
So this translates out to 2^16*5 = 327680 detected spams to get
completely blocked for someone that gets a /48 allocation from some
tunneling provider or another. While I suppose the virbl method will
work for random zombie machines which can't change their IP addresses,
it's not going to slow down a dedicated abuser all that much.

I tend to think that changing the relevant RFC (sorry, can't remember
which one) for exchanging email to require a valid certificate for email
exchanged over IPv6 would be more effective in that case.
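
The listing policy from the quoted reply and the /48 arithmetic from the response, as an added example that is not part of the original thread or of any blocklist's own code. The class and function names are hypothetical, the addresses are constructed from the 2001:db8::/32 documentation prefix, and "> 5" is read literally, so the sixth listed /128 in a /64 triggers the /64 block.

```python
import ipaddress
from collections import defaultdict

THRESHOLD = 5  # from the thread: more than 5 listed /128s in one /64 blocks the /64


class Blocklist:
    """Per-address listing with escalation to the enclosing /64."""

    def __init__(self, threshold=THRESHOLD):
        self.threshold = threshold
        self.listed = defaultdict(set)  # /64 network -> listed /128 addresses

    @staticmethod
    def _net64(ip):
        # strict=False lets us derive the /64 from an address with host bits set
        return ipaddress.IPv6Network((ip, 64), strict=False)

    def report(self, addr):
        ip = ipaddress.IPv6Address(addr)
        self.listed[self._net64(ip)].add(ip)

    def is_blocked(self, addr):
        ip = ipaddress.IPv6Address(addr)
        hosts = self.listed.get(self._net64(ip), ())
        # Blocked if this exact /128 is listed, or its /64 has crossed the threshold
        return ip in hosts or len(hosts) > self.threshold


def listings_before_any_block(prefix_len, threshold=THRESHOLD):
    """Most /128 listings an allocation can hold with every /64 still at the threshold."""
    return (1 << (64 - prefix_len)) * threshold


def demo():
    bl = Blocklist()
    for i in range(1, 6):                        # constructed sample reports
        bl.report(f"2001:db8:0:1::{i:x}")
    at_five = bl.is_blocked("2001:db8:0:1::ffff")    # unlisted host, 5 listed in its /64
    bl.report("2001:db8:0:1::6")
    at_six = bl.is_blocked("2001:db8:0:1::ffff")     # same host once the /64 has 6 listed
    neighbour = bl.is_blocked("2001:db8:0:2::1")     # different /64 in the same /48
    return at_five, at_six, neighbour


if __name__ == "__main__":
    print(demo())
    print(listings_before_any_block(48))  # the 2^16*5 figure for a /48
```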