On Thu, 28 Mar 2013, Douglas Otis wrote:
> IPv6 makes publishing IP address reputations impractical. Since IP
> address reputation has been a primary method for identifying abusive
> sources with IPv4, imposing ineffective and flaky replacement strategies
> has an effect of deterring IPv6 use.

My belief is that IP address reputation has always been flakey, it's just
vastly more so with IPv6.

What we need is a way to identify an "entity" subnet size. This work is
probably wasted on IPv4, but it's definitely needed for IPv6. The ISP in
question needs to be able to publish customer/entity subnet size so
reputation can be done at this level.

This information might today be available using whois to the RIR, but
that's not a very practical publication method for quick lookups.
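
The entity-level reputation idea from the message above, as an added example that is not part of the original thread: abuse reports are keyed on the customer prefix instead of the single address. The `ENTITY_SIZES` table, the /64 fallback and the sample addresses (IPv6 documentation range) are constructed assumptions; no such publication mechanism is described in the thread.

```python
import ipaddress
from collections import Counter

# Constructed table: ISP allocation -> prefix length delegated per customer.
# This stands in for whatever an ISP would publish (hypothetical).
ENTITY_SIZES = {
    ipaddress.ip_network("2001:db8::/36"): 48,       # hypothetical ISP A
    ipaddress.ip_network("2001:db8:1000::/36"): 56,  # hypothetical ISP B
}
DEFAULT_V6_LEN = 64  # assumed fallback when no size is published


def entity_network(addr):
    """Return the network that reputation should be keyed on for addr."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        # IPv4 keeps per-address reputation.
        return ipaddress.ip_network(f"{ip}/32")
    # Longest-prefix match against the published allocations.
    matches = [net for net in ENTITY_SIZES if ip in net]
    if matches:
        best = max(matches, key=lambda net: net.prefixlen)
        length = ENTITY_SIZES[best]
    else:
        length = DEFAULT_V6_LEN
    # strict=False masks off the host bits below the entity boundary.
    return ipaddress.ip_network(f"{ip}/{length}", strict=False)


def score_by_entity(events):
    """Count abuse reports per entity network instead of per address."""
    counts = Counter()
    for addr in events:
        counts[entity_network(addr)] += 1
    return counts


# Constructed abuse reports: sources rotating addresses inside their prefix.
SAMPLE = [
    "2001:db8:12:1::a", "2001:db8:12:ff00::b", "2001:db8:12:2:dead::1",
    "2001:db8:1000:101::1", "2001:db8:1000:1ff::2", "2001:db8:1000:200::3",
    "2001:db8:f000::1", "192.0.2.7",
]

if __name__ == "__main__":
    for net, hits in score_by_entity(SAMPLE).most_common():
        print(net, hits)
```

Per-address counting would see eight unrelated sources here; keyed on the entity prefix, the three addresses under `2001:db8:12::/48` collapse into one entry.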