IPv6 black lists?

Benedikt Stockebrand me at benedikt-stockebrand.de
Wed Mar 10 11:53:06 CET 2010


Hello List,

Dave Taht <d at teklibre.org> writes:

> So this translates out to 2^16*5 = 327680 detected spams to get
> completely blocked for someone that gets a /48 allocation from some
> tunneling provider or another.

Dave is on the right track.  If you work the numbers some more, this
is what you get:

With legacy IPv4, one can maintain a full host-specific IPv4 address
blacklist in 512 MB of memory (using a bitmap with one bit per
address), so this is obviously possible with today's standard
hardware.

Even if you filtered IPv6 by /48s, that would take 2^16 times as much
memory, or 32 TB.  Filtering at /64 we're at 2 EB (ExaBytes).

Now how long do you expect it for spammers to figure out that once
they take over a machine they should acquire a new address for every
single spam mail they send out?  Once they start to do this, any kind
of address-based blacklist will blow up in your face.

As soon as they hit a home router, they can use the entire /48 or
whatever allocated to the victim by their ISP.

We do have a problem here.


Cheers,

    Benedikt

-- 
			 Business Grade IPv6
		    Consulting, Training, Projects

Dipl. Inform.                 Tel.:  +49 (0) 69 - 247 512 362
Benedikt Stockebrand          Mobil: +49 (0) 177 - 41 73 985           
Fichardstr. 38                Mail:  me at benedikt-stockebrand.de        
D-60322 Frankfurt am Main     WWW:   http://www.benedikt-stockebrand.de/

Bitte kein Spam, keine unaufgeforderten Werbeanrufe, keine telefonischen
Umfragen.  Anrufe werden ggf. zu rechtlichen Zwecken aufgezeichnet.  
No spam, no unsolicited sales calls, no telephone surveys, please. Calls
may be recorded for legal purposes.




More information about the ipv6-ops mailing list