|
General software and network General OS-independent software and network questions, X11, MTA, routing, etc. |
|
Thread Tools | Display Modes |
|
||||
IPv6 and address reputation management: blocklists, &c.
As noted I have just deployed IPv6 on a personal network. That was so I could reach a production server I've also just deployed with IPv6.
With this very small deployment, I have been assigned 2 /64 IPv6 subnets by two ISPs. For those unfamiliar with IPv6, that is a lot of addresses. If I've done the math right, two /64 subnets is 3.69e+19 addresses. Nearly 37 septillion addresses. Specifically: 36,893,488,148,419,103,232 unique IP addresses. So I'm musing on IP blocklists of all kinds, since there are an (effectively) limitless number of IP addresses. Even non-abusers will change addresses from nearly limitless pools, as NICs with autoconfiguration privacy extensions change the outbound address frequently. For IPv4, we have many IP-based reputation lists: blocklists of prior abusers. Blacklists of known abusers. Greylists of possible abusers. And whitelists of assumed non-abusers. But it has me wondering. Regarding Email, for example, Spamhous says: Quote:
I'm not doing anything different for IPv6 -- yet. But it's a new server, and I haven't seen any IPv6 abuse in my logs ... so far. Other than my own connection tests, I'm only seeing Google connections to the server using IPv6. Last edited by jggimi; 18th January 2017 at 02:10 PM. Reason: typo, some clarity |
|
||||
Terry Zink published a 5-part article on IPv6 Email on MSDN in 2012. Part 2 was Why we use IP blocklists in IPv4, and why we can’t in IPv6.
Quote:
Zink foresees manual greylisting (website form-filling with captcha) to consider new whitelist memberships, which I believe would be unworkable at any sort of scale, and is only possible if those seeking whitelisting use static addresses. If autoconfiguration privacy extensions are deployed, even whitelisting is a non-starter unless one whitelists the 64/ subnet. Last edited by jggimi; 18th January 2017 at 02:09 PM. Reason: thinko |
|
|||
I'm not professional sysadmin and I don't have professional experience in this, but I have read this article some time ago and it makes sense to me.
http://www.techrepublic.com/blog/it-...ight-spammers/ Quote:
__________________
Signature: Furthermore, I consider that systemd must be destroyed. Based on Latin oratorical phrase |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
fan speed management | Oficre_josef | OpenBSD General | 5 | 13th November 2014 07:19 PM |
5.6 ifconfig add IPv6 address no longer adds route for whole subnet. | SlyM | OpenBSD General | 6 | 4th November 2014 02:05 PM |
With World IPv6 Launch, IPv6 on by default will be the new normal | J65nko | News | 0 | 29th March 2012 07:59 PM |
log file management | drummondislebsd | FreeBSD General | 3 | 5th January 2011 01:11 PM |
Asking about IPv6 address | berlowin | Off-Topic | 2 | 9th July 2008 02:39 AM |