On Mon, Nov 10, 2008 at 07:04:27PM +0000, Tony Finch wrote:
On Mon, 10 Nov 2008, Keith Moore wrote:
okay. I found myself wondering if the change in address space size, and
in granularity of assignment, might make DNSBLs less reliable. Which is
a different kind of scalability.
IPv6's bigger address space affects more security mechanisms than just
DNSBLs, such as defensive port scanning, traffic auditing, etc.
http://www.watersprings.org/pub/id/draft-chown-v6ops-port-scanning-implications-02.txt
Thanks Tony - that draft has now emerged as RFC5157:
http://www.ietf.org/rfc/rfc5157.txt
The granularity of the address space that might appear in a blacklist is
an interesting question. I would guess that where today a single IPv4
address appears, a whole IPv6 /64 would be required, at least, since a
client on a IPv6 link could in principle use any of the 2^64 available
host addresses. But it may be worse, if whole /48's are assigned to
DSL users for example (although there seems to be pushback to /56 for SOHO
type networks). The question then is whether the single IPv6 address
or link it is on is blacklisted, or whether the blacklist includes the
'default' site prefix size.
On a related tack, I've been gathering stats on our recorded IPv6 transport
mail volumes and identified spam since Dublin, and will analyse these soon
and pop out a draft with appropriate observations. We've seen a fairly
consistent figure of 50% of our IPv6 transport connections being classified
as spam by our MailScanner system since Dublin.
Tim
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf