IPv6 black lists?

Mohacsi Janos mohacsi at niif.hu
Wed Mar 10 12:34:51 CET 2010




On Wed, 10 Mar 2010, Benedikt Stockebrand wrote:

> Hello List,
>
> Dave Taht <d at teklibre.org> writes:
>
>> So this translates out to 2^16*5 = 327680 detected spams to get
>> completely blocked for someone that gets a /48 allocation from some
>> tunneling provider or another.
>
> Dave is on the right track.  If you work the numbers some more, this
> is what you get:
>
> With legacy IPv4, one can maintain a full host-specific IPv4 address
> blacklist in 512 MB of memory (using a bitmap with one bit per
> address), so this is obviously possible with today's standard
> hardware.
>
> Even if you filtered IPv6 by /48s, that would take 2^16 times as much
> memory, or 32 TB.  Filtering at /64 we're at 2 EB (ExaBytes).
>
> Now how long do you expect it for spammers to figure out that once
> they take over a machine they should acquire a new address for every
> single spam mail they send out?  Once they start to do this, any kind
> of address-based blacklist will blow up in your face.

What about stopping this happen at the end system: preventing changing IP 
addresses machines too often? Ther is already tool for monitoring such an 
activity.....

Best Regards,
 		Janos Mohacsi



More information about the ipv6-ops mailing list