nanog mailing list archives

Re: misunderstanding scale, SMTP edition

From: Jack Bates <jbates () brightok net>
Date: Wed, 26 Mar 2014 12:33:40 -0500

On 3/26/2014 12:09 PM, John Levine wrote:

OTOH, a spammer with a single /64, pretty much the absolute minimum IPv6 block, has more than 18 quintillion addresses
and there�s not a computer on the planet with enough memory (or probably not even enough disk space) to store that
block list.

Sometimes scale is everything. host-based reputation lists scale easily to 3.2 billion host addresses. IPv6, not so 
easily.

Quite right.  If I were a spammer or an ESP who wanted to listwash, I
could easily use a different IP addres for every single message I sent.

Which isn't too bad for the spam block lists, as they will usuallyescalate and block /64 and shorter anyways.

It will be problematic for handling something like CBL, though. DHCPshifted occasionally, but not as often as IPv6 privacy addresses can.The botnet world is where the problems will arise, and not just forspam. It becomes even more problematic, as you don't know if you havemultiple bots in a /64 (individual handouts via DHCPv6) or a single botshifting within a /64 assignment, or given some layouts, perhapsshifting within a /48 assignment.


Jack

Current thread:

RE: misunderstanding scale, (continued)
- - - RE: misunderstanding scale Naslund, Steve (Mar 25)
    - Re: misunderstanding scale Owen DeLong (Mar 25)
    - Re: misunderstanding scale Matthias Leisi (Mar 26)
    - Re: misunderstanding scale John Levine (Mar 26)
    - RE: misunderstanding scale Naslund, Steve (Mar 26)
    - Re: misunderstanding scale Owen DeLong (Mar 26)
    - Re: misunderstanding scale Matthias Leisi (Mar 27)
    - Re: misunderstanding scale Chip Marshall (Mar 27)
    - Re: misunderstanding scale Barry Shein (Mar 27)
    - Re: misunderstanding scale, SMTP edition John Levine (Mar 26)
    - Re: misunderstanding scale, SMTP edition Jack Bates (Mar 26)
    - Re: misunderstanding scale, SMTP edition Lamar Owen (Mar 26)
    - Re: misunderstanding scale, SMTP edition Tony Finch (Mar 26)
    - Re: misunderstanding scale (was: Ipv4 end, its fake.) Saku Ytti (Mar 23)
    - Re: misunderstanding scale (was: Ipv4 end, its fake.) Mark Tinka (Mar 23)
    - Re: misunderstanding scale (was: Ipv4 end, its fake.) Mark Andrews (Mar 23)
    - Re: misunderstanding scale (was: Ipv4 end, its fake.) Mark Tinka (Mar 23)
    - Re: misunderstanding scale (was: Ipv4 end, its fake.) Nick Hilliard (Mar 23)
    - Re: misunderstanding scale (was: Ipv4 end, its fake.) Mark Andrews (Mar 23)
    - Re: misunderstanding scale Nick Hilliard (Mar 23)
    - Re: misunderstanding scale bmanning (Mar 23)

(Thread continues...)