On Mon, Nov 10, 2008 at 07:04:27PM +0000, Tony Finch wrote:
> On Mon, 10 Nov 2008, Keith Moore wrote:
> >
> > okay. I found myself wondering if the change in address space size, and
> > in granularity of assignment, might make DNSBLs less reliable. Which is
> > a different kind of scalability.
>
> IPv6's bigger address space affects more security mechanisms than just
> DNSBLs, such as defensive port scanning, traffic auditing, etc.
>
> http://www.watersprings.org/pub/id/draft-chown-v6ops-port-scanning-implications-02.txt

Thanks Tony - that draft has now emerged as RFC5157:
http://www.ietf.org/rfc/rfc5157.txt

The granularity of the address space that might appear in a blacklist is an
interesting question. I would guess that where today a single IPv4 address
appears, a whole IPv6 /64 would be required, at least, since a client on an
IPv6 link could in principle use any of the 2^64 available host addresses.
But it may be worse, if whole /48s are assigned to DSL users for example
(although there seems to be pushback to /56 for SOHO type networks). The
question then is whether the single IPv6 address or the link it is on is
blacklisted, or whether the blacklist includes the 'default' site prefix
size.

On a related tack, I've been gathering stats on our recorded IPv6 transport
mail volumes and identified spam since Dublin, and will analyse these soon
and pop out a draft with appropriate observations. We've seen a fairly
consistent figure of 50% of our IPv6 transport connections being classified
as spam by our MailScanner system since Dublin.

Tim

_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf