On Thu, 2004-05-20 at 02:00, Barry Shein wrote:
> On May 19, 2004 at 15:45 jswitte(_at_)bloomington(_dot_)in(_dot_)us (Jim
> Witte) wrote:
> > Does IPv6 add anything to the spam puzzle? Because with IPv6, the
> > address space is so big that every person and his dog on Earth could
> > potentially have a separate address. Would that make
> > tracking/controlling stuff easier?
> >
> > Jim
> Well, we could insist that everyone use an IPv6 address which is an
> MD5 hash of their DNA (or at least an index into a table which holds
> that info.)
ROTFL, never heard of hierarchy I guess? Also how are you going to force
a person who is already doing something bad to conform to that? :)
Seriously, you should really read up on how IPv6 addresses are
allocated, thus please read up. I'd suggest you read:
Steve Deering's IPv6 masterclass:
http://www.isoc.nl/activ/2002-Masterclass-IETF-IPv6.htm
(Dutch domain but in English...)
Cisco's ABC Of IP Version 6
http://www.cisco.com/en/US/products/sw/iosswrel/ios_abcs_ios_the_abcs_ip_version_6_listing.html
> I think we'd have to better understand address allocation policies and
> procedures in a world where IPv6 was widely deployed.
There is already enough deployment to understand this, one could even
quite easily understand it from the allocation documents.
Every ISP gets something in the range of a /20 to a /32 (older /35).
Every end site, be it a user or a complete organisation, gets a /48.
Thus if you have a spammer from say 2001:db8:1::1/48 you simply block
that /48, if the ISP then decides to move him to another /48, block the
/32.
Bingo, presto done, now they need to move to another ISP.
Also a good thing about IPv6 is that ISPs usually only have one prefix;
the main reason for this is less routing, but that also makes sure that one
ISP can't easily use multiple separate prefixes to do their evil work
from unless they have requested multiple of them. Of course a spammer
can get multiple, and then a lot of /48s, but I think that most ISPs
won't give out a /48 so quickly, thus if they do it is quite easy to see
that those ISPs are also in the game -> block.
On another note I already have seen the following scenario:
IPv4 spammer spams a dual-stack (IPv4+IPv6) host, which is an open relay.
Destination emails have an MX that does IPv6, thus the spam comes in on
IPv6.
There is one problem here: how to trace them, especially with the many
tunnel brokers and other odd setups out there that allow people to quite
anonymously sign up. That is a big problem as they can hide quite well
and you need the cooperation of that TB to get it sorted. Or, easier,
just insert a prefix into the BGP tables; most ISPs don't filter at all
so that is quite doable, long live RIS and GRH for those cases though.
And a third one: 6to4. Every Windows box and most Linux/BSD boxes
support this, IPv4: aa.bb.cc.dd (dec->hex) -> 2002:<aabb>:<ccdd>::/48
and tada, you made an IPv6 address from an IPv4 address, but these are of
course traceable.
Greets,
Jeroen