IPv6 black lists?
Mohacsi Janos
mohacsi at niif.hu
Wed Mar 10 12:34:51 CET 2010
On Wed, 10 Mar 2010, Benedikt Stockebrand wrote:
> Hello List,
>
> Dave Taht <d at teklibre.org> writes:
>
>> So this translates out to 2^16*5 = 327680 detected spams to get
>> completely blocked for someone that gets a /48 allocation from some
>> tunneling provider or another.
>
> Dave is on the right track. If you work the numbers some more, this
> is what you get:
>
> With legacy IPv4, one can maintain a full host-specific IPv4 address
> blacklist in 512 MB of memory (using a bitmap with one bit per
> address), so this is obviously possible with today's standard
> hardware.
>
> Even if you filtered IPv6 by /48s, that would take 2^16 times as much
> memory, or 32 TB. Filtering at /64 we're at 2 EB (ExaBytes).
>
> Now how long do you expect it for spammers to figure out that once
> they take over a machine they should acquire a new address for every
> single spam mail they send out? Once they start to do this, any kind
> of address-based blacklist will blow up in your face.
What about stopping this happen at the end system: preventing changing IP
addresses machines too often? Ther is already tool for monitoring such an
activity.....
Best Regards,
Janos Mohacsi
More information about the ipv6-ops
mailing list