On Mar 29, 2013, at 4:13 AM, Mikael Abrahamsson <swmike@xxxxxxxxx> wrote:

> My belief is that IP address reputation has always been flakey, it's just vastly more so with IPv6.
>
> What we need is a way to identify an "entity" subnet size. This work is probably wasted on IPv4, but it's definitely needed for IPv6. The ISP in question needs to be able to publish customer/entity subnet size so reputation can be done at this level.

This approach works fine if one presumes that the problem is always just the customer (i.e. their ISP is actively interested in helping solve the problem.) For ISPs who are not as interested (or may have an actual motivation to hinder resolution of the problem), this will not work.

While the above situation has also been somewhat true with IPv4, it is definitely the case with IPv6, since the typical address space allocation sizes provide ample space for whitewashing customers into new prefixes. As a result, it is questionable whether any IPv6 address-based reputation system can be successful (at least those based on voluntary principles.)

/John
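An added example, not part of the original message: a sketch of reputation keyed on a published "entity" subnet size, compared with per-address keying. The published-size table, the /64 fallback, the threshold and all addresses are assumptions constructed for illustration; no such publication mechanism is described in the thread.

```python
import ipaddress
from collections import Counter

# Hypothetical ISP-published table: allocation -> customer ("entity") prefix length.
# All prefixes are constructed from the 2001:db8::/32 documentation range.
PUBLISHED_ENTITY_LEN = {
    ipaddress.IPv6Network("2001:db8:a000::/36"): 56,
    ipaddress.IPv6Network("2001:db8:b000::/36"): 48,
}
DEFAULT_ENTITY_LEN = 64  # assumption: used when the ISP publishes nothing


def by_address(src: str) -> ipaddress.IPv6Address:
    """Reputation key: the individual /128 source address."""
    return ipaddress.IPv6Address(src)


def entity_for(src: str) -> ipaddress.IPv6Network:
    """Reputation key: the customer subnet, sized by the published table."""
    ip = ipaddress.IPv6Address(src)
    covering = [net for net in PUBLISHED_ENTITY_LEN if ip in net]
    length = DEFAULT_ENTITY_LEN
    if covering:  # longest covering allocation wins
        length = PUBLISHED_ENTITY_LEN[max(covering, key=lambda n: n.prefixlen)]
    return ipaddress.IPv6Network(f"{ip}/{length}", strict=False)


def listed(events, key, threshold=3):
    """Return the keys with at least `threshold` abuse reports."""
    counts = Counter(key(src) for src in events)
    return {k for k, n in counts.items() if n >= threshold}


# Constructed abuse reports: one customer rotating through its /56, plus one
# unrelated single report from a neighbouring customer.
EVENTS = [
    "2001:db8:a123:4501::1",
    "2001:db8:a123:4502::2",
    "2001:db8:a123:4510::4",
    "2001:db8:a123:45ff::3",
    "2001:db8:a123:4600::1",
]

if __name__ == "__main__":
    print("per-address:", listed(EVENTS, by_address))   # nothing reaches threshold
    print("per-entity: ", listed(EVENTS, entity_for))   # the /56 is listed
    # The same customer moved to a fresh prefix maps to an entity with no history.
    print("after renumbering:", entity_for("2001:db8:a777:1200::1"))
```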