IPv6 black lists?

Mark Schouten marks at bit.nl
Wed Mar 10 09:02:18 CET 2010


On Tue, 2010-03-09 at 17:57 -0600, Dave Taht wrote:
> > That's not what we do. We list the /128 and if we find > 5 /128 in the
> > same /64, we block the /64. That way, the false positives are limited,
> > although not eliminated. But at least we can expect the admins attention
> > on this subnet. :)
> >
> >
> >    
> So this translates out to 2^16*5 = 327680 detected spams to get 
> completely blocked for someone that gets a /48 allocation from some 
> tunneling provider or another. While I suppose the virbl method will 
> work for random zombie machines which can't change their ip addresses, 
> it's not going to slow down a dedicated abuser all that much.

It's primarily based on the fact that Windows PCs often have
privacy-extensions enabled. Please note that Virbl is a list to block
virus-sending hosts, not spam.

-- 
Mark Schouten, Unix/NOC-engineer
BIT BV      | info at bit.nl | +31 318 648688 | KvK: 09090351
MS8714-RIPE | B1FD 8E60 A184 F89A 450D  A128 049B 1B19 9AD6 17FF
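
The listing policy discussed in this thread (list each /128, and block the /64 once more than 5 /128s in it are listed), sketched as an added example that is not part of the original message and is not Virbl's own code. The class and function names, the constructed addresses in the 2001:db8::/32 documentation prefix, and the choice to count distinct addresses are assumptions.

```python
import ipaddress
from collections import defaultdict

THRESHOLD = 5  # from the thread: more than 5 listed /128s in one /64


def enclosing_64(ip):
    """Return the /64 that contains an IPv6Address."""
    return ipaddress.IPv6Network((ip, 64), strict=False)


class EscalatingBlocklist:
    """Hypothetical model: list single hosts, escalate to the /64 past THRESHOLD."""

    def __init__(self, threshold=THRESHOLD):
        self.threshold = threshold
        self.hosts = defaultdict(set)  # /64 -> distinct listed /128s
        self.blocked_nets = set()      # /64s that crossed the threshold

    def report(self, addr):
        """Record a virus-sending host; return the list entry now covering it."""
        ip = ipaddress.IPv6Address(addr)
        net = enclosing_64(ip)
        self.hosts[net].add(ip)        # assumption: repeats of one address count once
        if len(self.hosts[net]) > self.threshold:
            self.blocked_nets.add(net)
            return net
        return ipaddress.IPv6Network((ip, 128))

    def is_listed(self, addr):
        ip = ipaddress.IPv6Address(addr)
        net = enclosing_64(ip)
        return net in self.blocked_nets or ip in self.hosts.get(net, ())


def demo():
    """Constructed input: one /64 whose host rotates its interface identifier."""
    bl = EscalatingBlocklist()
    return [str(bl.report(f"2001:db8:0:1::{i:x}")) for i in range(1, 7)]


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The first five reports each produce a /128 entry; the sixth distinct address in the same /64 produces the /64 entry, after which every address in that subnet is listed.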