On Mar 29, 2013, at 4:13 AM, Mikael Abrahamsson
<swmike(_at_)swm(_dot_)pp(_dot_)se> wrote:
My belief is that IP address reputation has always been flakey, it's just
vastly more so with IPv6.
What we need is a way to identify a "entity" subnet size. This work is
probably wasted on IPv4, but it's definitely needed for IPv6. The ISP in
question needs to be able to publish customer/entity subnet size so
reputation can be done at this level.
This approach works fine if one presumes that the problem is always just
the customer (i.e. their ISP is actively interested in helping solve the
problem.) For ISPs who are not as interested (or may have an actual
motivation to hinder resolution of the problem), this will not work.
While the above situation has also been somewhat true with IPv4, it is
definitely the case with IPv6, since the typical address space allocation
sizes provide ample space for whitewashing customers into new prefixes.
As a result, it is questionable whether any IPv6 address-based reputation
system can be successful (at least those based on voluntary principles.)
/John