Re: [Asrg] DNSBL and IPv6
"Emanuele Balla (aka Skull)" <skull@bofhland.org> Thu, 25 October 2012 16:10 UTC
Return-Path: <skull@bofhland.org>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix)
with ESMTP id AAF6921F8956 for <asrg@ietfa.amsl.com>;
Thu, 25 Oct 2012 09:10:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.546
X-Spam-Level:
X-Spam-Status: No, score=-2.546 tagged_above=-999 required=5 tests=[AWL=0.052,
BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BaxLoYNSqVek for
<asrg@ietfa.amsl.com>; Thu, 25 Oct 2012 09:10:56 -0700 (PDT)
Received: from mithrandir.bofhland.org (mithrandir.bofhland.org
[IPv6:2a02:9a8:94::b]) by ietfa.amsl.com (Postfix) with ESMTP id D4DA021F8789
for <asrg@irtf.org>; Thu, 25 Oct 2012 09:10:55 -0700 (PDT)
Received: from zarathustra.local (zarathustra.spin.it [147.123.15.60]) by
mithrandir.bofhland.org (Postfix) with ESMTPSA id D45046C0A1 for
<asrg@irtf.org>; Thu, 25 Oct 2012 18:10:53 +0200 (CEST)
Message-ID: <5089648C.4010907@bofhland.org>
Date: Thu, 25 Oct 2012 18:10:52 +0200
From: "Emanuele Balla (aka Skull)" <skull@bofhland.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7;
rv:16.0) Gecko/20121010 Thunderbird/16.0.1
MIME-Version: 1.0
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
References: <20121025024859.3176.qmail@joyce.lan>
<A6AF6224-421E-4483-834B-A1F658BEC7C6@blighty.com>
<50891887.50103@pscs.co.uk>
<0D79787962F6AE4B84B2CC41FC957D0B0D22655F@abn-exch1b.green.sophos>
<50894EBB.5090907@bofhland.org> <50895CB6.8030802@pscs.co.uk>
In-Reply-To: <50895CB6.8030802@pscs.co.uk>
X-Enigmail-Version: 1.4.5
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] DNSBL and IPv6
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>,
<mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>,
<mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Oct 2012 16:10:56 -0000
On 10/25/12 5:37 PM, Paul Smith wrote: > On 25/10/2012 15:37, Emanuele Balla (aka Skull) wrote: > >> For point 1, there will be a limit to this change rate, at least when we >> speak about bots, and it's even been cited here already: a single >> machine can't use too many addresses without saturating its router >> neighbor table. >> Which is a valid esteem for the number of different IPs the >> IPv6-address-change-mechanism will be able to use effectively, then? >> Truth is we don't know for sure... > Hmm - I've heard talk about this problem of saturating the router > neighbour table. To be honest, I'm not entirely sure what a 'neighbour > table' is... Basically, the ARP table, except for IPv6 not using ARP at all... > But, why would people have a /64 block if the router can't > cope with it? The point is a /64 allows basically an infinite number of devices in one single network (2^64 being big enough to be considered infinite for our purpose). This doesn't mean a router should be able to manage an infinite amount of devices: no router could accomplish this requirement... :-) The router basically needs to cope with a given number of devices inside the /64. Maybe 10, maybe 100, maybe 1000, but a limited amount, compared to 2^64. The neighbor table must be able to keep track of IPv6-MAC associations for each device. But if one of these devices starts changing address quickly enough, it's going to saturate the router memory (or only the neighbor table) at some point... What happens next depends on how the router will manage the issue... -- Paranoia is a disease unto itself. And may I add: the person standing next to you may not be who they appear to be, so take precaution. ----------------------------------------------------------------------------- http://bofhskull.wordpress.com/
- [Asrg] DNSBL and IPv6 Mikael Abrahamsson
- Re: [Asrg] DNSBL and IPv6 Matthias Leisi
- Re: [Asrg] DNSBL and IPv6 Mikael Abrahamsson
- Re: [Asrg] DNSBL and IPv6 John Levine
- Re: [Asrg] DNSBL and IPv6 Dave Warren
- Re: [Asrg] DNSBL and IPv6 Steve Atkins
- Re: [Asrg] DNSBL and IPv6 Mikael Abrahamsson
- Re: [Asrg] DNSBL and IPv6 Matthias Leisi
- Re: [Asrg] DNSBL and IPv6 Peter J. Holzer
- Re: [Asrg] DNSBL and IPv6 Bart Schaefer
- Re: [Asrg] DNSBL and IPv6 John Levine
- Re: [Asrg] DNSBL and IPv6 John Levine
- Re: [Asrg] DNSBL and IPv6 Peter J. Holzer
- Re: [Asrg] DNSBL and IPv6 Peter J. Holzer
- Re: [Asrg] DNSBL and IPv6 John Levine
- Re: [Asrg] DNSBL and IPv6 Tim Chown
- Re: [Asrg] DNSBL and IPv6 Hal Murray
- Re: [Asrg] DNSBL and IPv6 John Levine
- Re: [Asrg] DNSBL and IPv6 Steve Atkins
- Re: [Asrg] DNSBL and IPv6 Paul Smith
- Re: [Asrg] DNSBL and IPv6 Martijn Grooten
- Re: [Asrg] DNSBL and IPv6 Matthias Leisi
- Re: [Asrg] DNSBL and IPv6 John Levine
- Re: [Asrg] DNSBL and IPv6 Rob McEwen
- Re: [Asrg] DNSBL and IPv6 Emanuele Balla (aka Skull)
- Re: [Asrg] DNSBL and IPv6 Emanuele Balla (aka Skull)
- Re: [Asrg] DNSBL and IPv6 Paul Smith
- Re: [Asrg] DNSBL and IPv6 Rob McEwen
- Re: [Asrg] DNSBL and IPv6 Emanuele Balla (aka Skull)
- Re: [Asrg] DNSBL and IPv6 Rob McEwen
- Re: [Asrg] DNSBL and IPv6 Paul Smith
- Re: [Asrg] DNSBL and IPv6 Emanuele Balla (aka Skull)
- Re: [Asrg] DNSBL and IPv6 Paul Smith
- Re: [Asrg] DNSBL and IPv6 Scott Howard
- Re: [Asrg] DNSBL and IPv6 Hal Murray
- Re: [Asrg] DNSBL and IPv6 Emanuele Balla (aka Skull)
- Re: [Asrg] DNSBL and IPv6 Mikael Abrahamsson
- Re: [Asrg] DNSBL and IPv6 Matthias Leisi
- Re: [Asrg] DNSBL and IPv6 Matthias Leisi
- Re: [Asrg] DNSBL and IPv6 Paul Smith
- Re: [Asrg] DNSBL and IPv6 Jeff Macdonald
- Re: [Asrg] DNSBL and IPv6 John Levine