[170302] in North American Network Operators' Group
Re: misunderstanding scale
daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed Mar 26 01:33:34 2014
From: Owen DeLong <owen@delong.com>
In-Reply-To: <9578293AE169674F9A048B2BC9A081B4B5422952@MUNPRDMBXA1.medline.com>
Date: Tue, 25 Mar 2014 22:31:25 -0700
To: "Naslund, Steve" <SNaslund@medline.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
>> IPv6 adds an entirely new aspect to it.
>
> Well, if you mean the entirely new aspect is a list of hex addresses instead of dotted decimal addresses I guess so. I personally would rather have a list of actual end system addresses than a list of addresses that represent a mail server and several thousand other innocent devices behind a NAT. It might be easier to tell the system owner which system is compromised than to call a large company and tell them one of their systems is compromised. It would also be nice to be able to allow legitimate email to a business partner while blocking his compromised system only.
>
I think the new dimension is that a spammer today who manages to snag a /8 has 16.7 million addresses to play with. Even if he forces you to add each and every one to your list, that's a few megabytes for a VERY large IPv4 block.

OTOH, a spammer with a single /64, pretty much the absolute minimum IPv6 block, has more than 18 quintillion addresses and there's not a computer on the planet with enough memory (or probably not even enough disk space) to store that block list.

Sometimes scale is everything. Host-based reputation lists scale easily to 3.2 billion host addresses. IPv6, not so easily.
Owen
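The scaling argument above, worked through in code. This is an added example and is not part of the thread or written by either poster: it computes what a per-host list needs to enumerate an IPv4 /8 versus an IPv6 /64, then simulates a sender rotating through addresses inside a single /64 against two list designs. The second design, which keys IPv6 reputation on the enclosing /64 rather than the host, is the usual practitioner response and is our addition, not something the thread proposes; the 64-bit aggregation boundary, the class and function names, and the sample prefixes (10.0.0.0/8 and the RFC 3849 documentation range 2001:db8::/32) are all assumptions made here.

```python
"""Added example (not from the NANOG thread): per-host versus per-/64
reputation lists under an address-rotating sender.
Sample blocks are constructed: 10.0.0.0/8 and 2001:db8:1:2::/64."""
import ipaddress
from typing import Dict, Set, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
IPNetwork = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def entries_to_enumerate(network: str) -> int:
    """Entries a host-keyed list needs to cover every address in `network`."""
    return ipaddress.ip_network(network, strict=False).num_addresses


def bytes_to_enumerate(network: str) -> int:
    """Raw address bytes (no container overhead) for that enumeration."""
    net = ipaddress.ip_network(network, strict=False)
    return net.num_addresses * (4 if net.version == 4 else 16)


class HostReputationList:
    """One entry per reported address: the host-based list the thread discusses."""

    def __init__(self) -> None:
        self._blocked: Set[IPAddress] = set()

    def report(self, addr: str) -> None:
        self._blocked.add(ipaddress.ip_address(addr))

    def is_blocked(self, addr: str) -> bool:
        return ipaddress.ip_address(addr) in self._blocked

    def __len__(self) -> int:
        return len(self._blocked)


class PrefixReputationList:
    """IPv6 reports are keyed on the enclosing /64; IPv4 stays per host.
    Assumption (ours, not the thread's): a /64 is the smallest unit one party
    controls, so every address inside it shares that party's reputation."""

    def __init__(self, v6_prefixlen: int = 64) -> None:
        self._prefixlen = v6_prefixlen
        self._blocked: Set[IPNetwork] = set()

    def _key(self, addr: str) -> IPNetwork:
        ip = ipaddress.ip_address(addr)
        plen = self._prefixlen if ip.version == 6 else ip.max_prefixlen
        return ipaddress.ip_network(f"{ip}/{plen}", strict=False)

    def report(self, addr: str) -> None:
        self._blocked.add(self._key(addr))

    def is_blocked(self, addr: str) -> bool:
        return self._key(addr) in self._blocked

    def __len__(self) -> int:
        return len(self._blocked)


def simulate_spammer(block: str, hosts_used: int) -> Dict[str, object]:
    """A sender rotates through `hosts_used` distinct addresses of `block`
    (constructed: the first N addresses). Each is reported to both lists;
    then an address the sender has NOT used yet is probed."""
    net = ipaddress.ip_network(block, strict=False)
    host_list, prefix_list = HostReputationList(), PrefixReputationList()
    for i in range(hosts_used):
        host_list.report(str(net[i]))
        prefix_list.report(str(net[i]))
    unseen = str(net[hosts_used])  # next address in the same block
    return {
        "host_entries": len(host_list),
        "prefix_entries": len(prefix_list),
        "unseen_blocked_by_host_list": host_list.is_blocked(unseen),
        "unseen_blocked_by_prefix_list": prefix_list.is_blocked(unseen),
    }


if __name__ == "__main__":
    for blk in ("10.0.0.0/8", "2001:db8:1:2::/64"):
        print(blk, entries_to_enumerate(blk), "entries,",
              bytes_to_enumerate(blk) / 2**20, "MiB of raw addresses")
    print(simulate_spammer("2001:db8:1:2::/64", 1000))
```

The enumeration figures are the raw address bytes only; a real set or tree adds per-entry overhead on top, which makes the IPv4 /8 heavier than the raw 64 MiB and the IPv6 /64 no less impossible. The simulation shows the practical consequence: after a thousand reports from one /64 the per-host list holds a thousand entries and still passes the sender's next address, while the /64-keyed list holds one entry and rejects it. The trade-off is the one the quoted reply worries about, since aggregation also blocks whatever legitimate hosts share that /64.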