[170343] in North American Network Operators' Group


Re: misunderstanding scale, SMTP edition

daemon@ATHENA.MIT.EDU (Jack Bates)
Wed Mar 26 13:41:11 2014

Date: Wed, 26 Mar 2014 12:33:40 -0500
From: Jack Bates <jbates@brightok.net>
To: nanog@nanog.org
In-Reply-To: <20140326170906.13315.qmail@joyce.lan>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 3/26/2014 12:09 PM, John Levine wrote:
>> OTOH, a spammer with a single /64, pretty much the absolute minimum IPv6 block, has more than 18 quintillion addresses
>> and there's not a computer on the planet with enough memory (or probably not even enough disk space) to store that
>> block list.
>>
>> Sometimes scale is everything. host-based reputation lists scale easily to 3.2 billion host addresses. IPv6, not so easily.
> Quite right.  If I were a spammer or an ESP who wanted to listwash, I
> could easily use a different IP address for every single message I sent.
>
>

Which isn't too bad for the spam block lists, as they will usually 
escalate and block /64 and shorter anyways.

It will be problematic for handling something like CBL, though. DHCP 
shifted occasionally, but not as often as IPv6 privacy addresses can. 
The botnet world is where the problems will arise, and not just for 
spam. It becomes even more problematic, as you don't know if you have 
multiple bots in a /64 (individual handouts via DHCPv6) or a single bot 
shifting within a /64 assignment, or given some layouts, perhaps 
shifting within a /48 assignment.

Jack
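
The escalation described in the message above, sketched as an added example that is not part of the original post or any block list operator's code. The thresholds, function names and sample addresses (from the 2001:db8::/32 documentation prefix) are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample hits (documentation prefix 2001:db8::/32), not real data.
SAMPLE_HITS = [
    "2001:db8:1:1::a", "2001:db8:1:1::b", "2001:db8:1:1:abcd::1",  # one busy /64
    "2001:db8:2:10::1", "2001:db8:2:10::2", "2001:db8:2:10::3",    # two busy /64s
    "2001:db8:2:20::1", "2001:db8:2:20::2", "2001:db8:2:20::3",    # in the same /48
    "2001:db8:3:1::1",                                             # a lone address
]


def covering(addr, prefixlen):
    """Return the network of the given prefix length that contains addr."""
    return ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)


def build_blocklist(hits, addrs_per_64=3, nets_per_48=2):
    """Aggregate abusive source addresses into /128, /64 or /48 entries.

    Assumed policy: a /64 is listed once addrs_per_64 distinct addresses in it
    have been seen, and a /48 once nets_per_48 of its /64s are listed.
    """
    by64 = defaultdict(set)
    for hit in hits:
        addr = ipaddress.IPv6Address(hit)
        by64[covering(addr, 64)].add(addr)

    listed64 = {net for net, addrs in by64.items() if len(addrs) >= addrs_per_64}

    by48 = defaultdict(set)
    for net in listed64:
        by48[net.supernet(new_prefix=48)].add(net)
    listed48 = {net for net, subs in by48.items() if len(subs) >= nets_per_48}

    entries = set(listed48)
    for net, addrs in by64.items():
        if net.supernet(new_prefix=48) in listed48:
            continue  # already covered by the shorter prefix
        if net in listed64:
            # One entry, whether this was one bot shifting addresses or
            # several bots behind the same /64: the list cannot tell.
            entries.add(net)
        else:
            entries.update(covering(a, 128) for a in addrs)
    return sorted(entries)


if __name__ == "__main__":
    for entry in build_blocklist(SAMPLE_HITS):
        print(entry)
```

The list size is bounded by the number of prefixes seen rather than the number of addresses, at the cost of losing any per-host count inside a listed /64.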



