IPv6 black lists?
Mark Schouten
marks at bit.nl
Wed Mar 10 09:02:18 CET 2010
On Tue, 2010-03-09 at 17:57 -0600, Dave Taht wrote:
> > That's not what we do. We list the /128 and if we find> 5 /128 in the
> > same /64, we block the /64. That way, the false positives are limited,
> > although not eliminated. But at least we can expect the admins attention
> > on this subnet. :)
> >
> >
> >
> So this translates out to 2^16*5 = 327680 detected spams to get
> completely blocked for someone that gets a /48 allocation from some
> tunneling provider or another. While I suppose the virbl method will
> work for random zombie machines which can't change their ip addresses,
> it's not going to slow down a dedicated abuser all that much.
It's primarily based on the fact that Windows PC's often have
privacy-extensions enabled. Please not that Virbl is a list to block
virus-sending hosts, not spam.
--
Mark Schouten, Unix/NOC-engineer
BIT BV | info at bit.nl | +31 318 648688 | KvK: 09090351
MS8714-RIPE | B1FD 8E60 A184 F89A 450D A128 049B 1B19 9AD6 17FF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100310/8e25afcc/attachment.bin
More information about the ipv6-ops
mailing list