IPv6 black lists?
Leo Vegoda
leo.vegoda at icann.org
Thu Mar 11 00:30:50 CET 2010
On 10 Mar 2010, at 3:11, Benedikt Stockebrand wrote:
[...]
>> No, why? If the customer spams from a single address, that address
>> gets blocked. If the customer cycles through his /64, that /64 will
>> get blocked.
>
> that's the point: In doing so you block all other customers in that
> subnet as well.
>
> And keep in mind that with the RFC 3041 privacy extensions enabled by
> default on post-XP Windows boxes, the majority of them *will* cycle
> through the /64 anyway.
>
>> If you put multiple customers in the same /64, and one of them can
>> use addresses out of that /64 at random, your setup is broken, and you
>> deserve all the pain you can get.
>
> Tell that to people in the low cost end user hosting business. With
> business customers you are right, because they tend to be willing to
> pay a bit more for reliable service at least to some degree, but end
> users frequently think quite differently.
Why would you want to deliver a level of reliability that has not been paid for? If the level of reliability for a shared service depends on the behavior of follow subscribers then as long as the customers know what they are (and are not) getting for their money then that sounds fine to me.
Some customers will choose to upgrade to a dedicated service with their own /64 and others will either just grin and bear or or find a provider that doesn't host as many susceptible servers in shared subnets.
Regards,
Leo
More information about the ipv6-ops
mailing list