nanog mailing list archives

Re: IPv6 Ignorance


From: Jimmy Hess <mysidia () gmail com>
Date: Sun, 16 Sep 2012 19:24:35 -0500

On 9/16/12, John R. Levine <johnl () iecc com> wrote:

> Large networks keep separate reputation for every address in the IPv4
> address space based on the traffic they send.  You can't do that in IPv6,

That's true, but not an intended system for identifying and reporting
abuse, and the same idea occurs with IPv4 -- bots can just grab other IP
addresses in the subnet, if there are not local protections in place to
ensure a host cannot ARP an IP that is not assigned to it...

So keep track of reputation of legitimate hosts instead of
"non-legitimate" hosts.
Maintain negative reputation at a /64 or shorter prefix level, and
favorable reputation at a /128 level.

If you have abuse detected on a /64, then treat the entire /64 as having
a damaged reputation, except for the /128s on the /64 that have a prior
positive reputation.


The identical thing cannot be done with IPv6, but reputation systems
are still possible.


> Regards,
> John Levine, johnl () iecc com, Primary Perpetrator of "The Internet for Dummies",
> Please consider the environment before reading this e-mail. http://jl.ly
--
-JH
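
The scheme described in the message above, sketched as an added example that is not part of the original e-mail or any poster's code. The class and method names are hypothetical, and two behaviours are assumptions: "prior" is read as "earned before abuse was detected on the prefix", and an address that is itself reported for abuse loses its own credit.

```python
import ipaddress


class V6Reputation:
    """Negative reputation per prefix, favorable reputation per /128."""

    def __init__(self, neg_prefix_len=64):
        if not 0 < neg_prefix_len <= 64:
            raise ValueError("negative reputation is kept at /64 or shorter")
        self.neg_prefix_len = neg_prefix_len
        self.damaged = set()   # IPv6Network objects with detected abuse
        self.trusted = set()   # IPv6Address objects with positive history

    def _parse(self, addr):
        ip = ipaddress.IPv6Address(addr)
        # strict=False masks off the host bits to get the covering prefix.
        net = ipaddress.IPv6Network((int(ip), self.neg_prefix_len), strict=False)
        return ip, net

    def record_good(self, addr):
        """Credit one host; returns True if the credit was accepted."""
        ip, net = self._parse(addr)
        # Assumption: credit must predate the abuse, so a host cannot start
        # building reputation inside an already damaged prefix.
        if net in self.damaged:
            return False
        self.trusted.add(ip)
        return True

    def record_abuse(self, addr):
        """Abuse from any address damages the whole covering prefix."""
        ip, net = self._parse(addr)
        self.trusted.discard(ip)   # assumption: the abuser loses its credit
        self.damaged.add(net)

    def verdict(self, addr):
        ip, net = self._parse(addr)
        if ip in self.trusted:
            return "accept"    # /128 exception survives the prefix penalty
        if net in self.damaged:
            return "reject"    # unknown or newly grabbed address in a bad prefix
        return "neutral"
```

Memory use grows with the number of damaged prefixes and trusted hosts rather than with the size of the address space, which is the property per-address IPv4 tables lack when carried over to IPv6.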

