IPv6 black lists?

Gert Doering gert at space.net
Wed Mar 10 21:34:15 CET 2010


On Wed, Mar 10, 2010 at 03:53:45PM +0000, Benedikt Stockebrand wrote:
> >> If spammers were seriously interested in disabling address-based
> >> blacklists by flooding them, then a bitmap is the most resilient data
> >> structure.  With IPv4 that's feasible, with IPv6 it isn't.
> >
> > Sure.  Which just emphasizes the point that you want to fall-up from
> > "individual hosts in a /64" to "the whole /64" to "the whole /56"
> > and so on, up to /32, as soon as a given threshold inside the /x
> > is exceeded.
> that's still too simple: If you are a hoster, then a single hijacked
> machine from a single customer will have all your other customers
> quickly blacklisted as well.

No, why?  If the customer spams from a single address, that address
gets blocked.  If the customer cycles through his /64, that /64 will
get blocked.

If you put multiple customers in the same /64, and one of them can
use addresses out of that /64 at random, your setup is broken, and you
deserve all the pain you can get.

> Until then: Stop offering flatrates (not Spacenet, but all ISPs).  As
> soon as people have to pay for the spam their machines "accidentially"
> send out the'll be slightly more careful about securing their boxes.

The volume of a typical SPAM run is fairly low compared to the download
of a single video.  Won't work.

Gert Doering
        -- NetMaster
Total number of prefixes smaller than registry allocations:  144438

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

More information about the ipv6-ops mailing list