nanog mailing list archives
Re: How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")
From: Mark Andrews <marka () isc org>
Date: Fri, 02 Oct 2015 14:18:58 +1000
In message <560E00D4.7090400 () invaluement com>, Rob McEwen writes:
> On 10/1/2015 11:44 PM, Mark Andrews wrote:
> > IPv6 really isn't much different to IPv4. You use sites /48's rather than addresses /32's (which are effectively sites). ISP's still need to justify their address space allocations to RIR's so there isn't infinite numbers of sites that a spammer can get.
>
> A /48 can be subdivided into 65K subnets. That is 65 *THOUSAND*... not the 256 IPs that one gets with an IPv4 /24 block. So if a somewhat legit hoster assigns various /64s to DIFFERENT customers of theirs... that is a lot of collateral damage that would be caused by listing at the /48 level, should just one customer be a bad-apple spammer, or just one legit customer have a compromised system one day.

A hoster can get /48's for each customer. Each customer is technically a separate site. It's this stupid desire to over conserve IPv6 addresses that causes this, not IPv6.

> Conversely, if a more blackhat ESP did this, but it was unclear that this was a blackhat sender until much later.. then LOTS of spam would get a "free pass" as individual /64s were blacklisted AFTER-THE-FACT, with the spammy ESP still having LOTS of /64s to spare.. remember, they started with 65 THOUSAND /64 blocks for that one /48 allocation (Sure, it would eventually become clear that the whole /48 should be blacklisted).
>
> Other gray-hat situations between these two extremes can be even more frustrating because you then have the same "free passes" that the blackhat ESP gets... but you can't list the whole /48 without too much collateral damage.
>
> SUMMARY: So even if you moved into blocking at the /64 level, the spammers have STILL gained an order of magnitudes advantage over the IPv4 world.... any way you slice it. And blocking at the /48 level WOULD cause too much collateral damage if done indiscriminately.
>
> And this is assuming that individual IPs are NEVER assigned individually (or in smaller-than-/64-allocations). (maybe that is a safe assumption? I don't know? regardless, even if that were a safe assumption, the spammers STILL have gained a massive advantage)
>
> --
> Rob McEwen
> +1 478-475-9032
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org
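
The /64-versus-/48 listing trade-off argued in this exchange, worked through as an added example that is not part of either poster's message: it lists each offending /64 and replaces them with the enclosing /48 once enough distinct /64s in that /48 have been seen. The addresses are constructed from the 2001:db8::/32 documentation prefix, and the escalation threshold and function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data under the 2001:db8::/32 documentation prefix.
SPAM_SOURCES = [
    "2001:db8:aaaa:1::25", "2001:db8:aaaa:1::26",  # one bad customer /64 at a hoster
    "2001:db8:bbbb:1::1", "2001:db8:bbbb:2::1",    # sender hopping across /64s
    "2001:db8:bbbb:3::1", "2001:db8:bbbb:4::1",
]
ESCALATE_AFTER = 3  # assumed policy: distinct offending /64s before listing the /48


def enclosing(addr, prefixlen):
    """Return the network of the given prefix length that contains addr."""
    return ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)


def build_blocklist(sources, escalate_after=ESCALATE_AFTER):
    """List offending /64s; list the whole /48 once enough of its /64s offend."""
    by_site = defaultdict(set)
    for src in sources:
        addr = ipaddress.ip_address(src)
        by_site[enclosing(addr, 48)].add(enclosing(addr, 64))
    listed = set()
    for site, subnets in by_site.items():
        if len(subnets) >= escalate_after:
            listed.add(site)        # many /64s in one /48: treat it as one sender
        else:
            listed.update(subnets)  # few /64s: keep collateral damage small
    return listed


def is_listed(addr, blocklist):
    """True if addr falls inside any listed network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in blocklist)


def remaining_64s(site, blocklist):
    """Count the /64s inside a /48 that the blocklist does not cover."""
    site = ipaddress.ip_network(site)
    if any(site.subnet_of(net) for net in blocklist):
        return 0
    hit = sum(1 for n in blocklist if n.prefixlen == 64 and n.subnet_of(site))
    return 2 ** (64 - site.prefixlen) - hit


if __name__ == "__main__":
    for net in sorted(build_blocklist(SPAM_SOURCES)):
        print(net)
```

`remaining_64s` reads both ways: for a hoster it is the number of customer subnets spared by not listing the /48, and for a bad sender it is the number of unlisted /64s still available.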