nanog mailing list archives

Re: misunderstanding scale


From: Owen DeLong <owen () delong com>
Date: Wed, 26 Mar 2014 22:17:18 -0700


On Mar 26, 2014, at 3:18 AM, Matthias Leisi <matthias () leisi net> wrote:

On Wed, Mar 26, 2014 at 6:31 AM, Owen DeLong <owen () delong com> wrote:


OTOH, a spammer with a single /64, pretty much the absolute minimum IPv6
block, has more than 18 quintillion addresses and there's not a computer on
the planet with enough memory (or probably not even enough disk space) to
store that block list.


It only takes a single entry if you do not store /128s but that /64. Yes,
RBL lookups do not currently know how to handle this, but there are a
couple of good proposals around on how to do it.

Then the spammers will grab /48s instead of /64s. Lather, rinse, repeat.

Admittedly, /48s are only 65,536 RBL entries per, but I still think that address-based
reputations are a losing battle in an IPv6 world unless we provide some way for providers
to hint at block sizes.

After all, if you start blocking a /64, what if it’s a /64 shared by thousands of hosting
customers at one provider offering virtuals?


This would also reduce the risks from cache depletion attacks via DNSxL
lookups to IPv4 levels.

Yes and no.


Sometimes scale is everything. Host-based reputation lists scale easily to
3.2 billion host addresses. IPv6, not so easily.


As soon as we get away from host-centric-view to a network-block-view,
things get pretty straightforward.

Except where they don’t.

Owen
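Added example, not part of the thread: a small Python sketch of the block-keyed reputation store Matthias describes, the entry arithmetic behind Owen's 65,536-per-/48 figure, and the nibble-reversed DNSxL query name (RFC 5782 style) that such a lookup would have to extend to handle blocks. The granularity set, zone name and sample prefixes are assumptions chosen for the example.

```python
import ipaddress
from typing import Dict, Optional

# Block sizes the list is keyed on, most specific first. This is a policy
# chosen for the example; the thread argues about /128, /64 and /48.
GRANULARITIES = (128, 64, 48)


class PrefixReputationList:
    """Reputation store keyed on network blocks instead of single hosts."""

    def __init__(self) -> None:
        self._entries: Dict[ipaddress.IPv6Network, str] = {}

    def add(self, cidr: str, reason: str) -> None:
        net = ipaddress.IPv6Network(cidr, strict=True)
        if net.prefixlen not in GRANULARITIES:
            raise ValueError(f"unsupported block size /{net.prefixlen}")
        self._entries[net] = reason

    def lookup(self, addr: str) -> Optional[str]:
        """Return the reason for the most specific listed block, else None."""
        host = ipaddress.IPv6Address(addr)
        # One hash probe per granularity; storage is per block, not per host.
        for plen in GRANULARITIES:
            net = ipaddress.IPv6Network((int(host), plen), strict=False)
            if net in self._entries:
                return self._entries[net]
        return None

    def __len__(self) -> int:
        return len(self._entries)


def entries_to_cover(block_prefixlen: int, entry_prefixlen: int) -> int:
    """Entries of size /entry_prefixlen needed to list one /block_prefixlen."""
    return 2 ** (entry_prefixlen - block_prefixlen)


def dnsxl_qname(addr: str, zone: str) -> str:
    """Nibble-reversed DNSxL query name for one host (RFC 5782 convention)."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + "." + zone


if __name__ == "__main__":
    rbl = PrefixReputationList()
    rbl.add("2001:db8:1:2::/64", "spam source (constructed sample)")
    print(rbl.lookup("2001:db8:1:2::beef"), len(rbl))
    print(entries_to_cover(48, 64), entries_to_cover(64, 128))
    print(dnsxl_qname("2001:db8::1", "v6.rbl.example"))
```

A single /64 entry covers every host in the block, while listing one /48 at /64 granularity costs 2^16 entries and at /128 granularity 2^80.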


