Re: [Asrg] DNSBL and IPv6

Mikael Abrahamsson <swmike@swm.pp.se> Fri, 26 October 2012 13:27 UTC


On Thu, 25 Oct 2012, Emanuele Balla (aka Skull) wrote:

> At the end, everything will be about how fast abusive/infected machines
> will move around the address space:
>
> 1) from one IP to another inside their own /64
> 2) from one /64 to another
> 3) from one ISP to another, particularly where snowshoe-like schemes are
> in place

I believe it's going to be common enough that legitimate MTAs will move
around within their /64 quite frequently (privacy extensions, which are
on by default in Windows, for instance), which means the outgoing IPv6
address will move to a new outgoing address every N hours (where N is
somewhere between 1-48, I don't know exactly).

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se
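
An added illustration, not part of the original message or thread: how a sender that rotates addresses inside its /64 looks to a per-address DNSBL lookup (RFC 5782 nibble format) compared with grouping by /64. The addresses (documentation prefix 2001:db8::/32), the hours and the zone name `dnsbl.example` are constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (hour seen, source address) for SMTP connections.
# 2001:db8::/32 is the IPv6 documentation prefix; no real hosts appear here.
CONNECTIONS = [
    (0,  "2001:db8:10:1:3d9a:71c2:88e4:0b15"),   # host A, temporary address 1
    (9,  "2001:db8:10:1:c4f0:12ab:9e77:6a02"),   # host A after rotation
    (31, "2001:db8:10:1:07be:e3d1:45a9:f3c8"),   # host A after another rotation
    (5,  "2001:db8:20:7::25"),                   # host B, static address
    (40, "2001:db8:20:7::25"),
]

def prefix64(addr: str) -> ipaddress.IPv6Network:
    """Return the /64 that contains addr."""
    return ipaddress.ip_network(f"{addr}/64", strict=False)

def dnsbl_qname(addr: str, zone: str) -> str:
    """Per-address DNSBL query name: reversed nibbles plus zone (RFC 5782)."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + "." + zone

def addresses_per_prefix(connections):
    """Map each /64 to the set of distinct source addresses seen in it."""
    seen = defaultdict(set)
    for _hour, addr in connections:
        seen[prefix64(addr)].add(ipaddress.IPv6Address(addr))
    return dict(seen)

def matches(connections, listed: str, prefixlen: int) -> int:
    """Count connections covered by one listing of `listed` at /prefixlen."""
    net = ipaddress.ip_network(f"{listed}/{prefixlen}", strict=False)
    return sum(ipaddress.IPv6Address(a) in net for _h, a in connections)

if __name__ == "__main__":
    for net, addrs in addresses_per_prefix(CONNECTIONS).items():
        print(net, len(addrs), "distinct address(es)")
    first = CONNECTIONS[0][1]
    # Every rotated address yields a different per-address query name.
    print(dnsbl_qname(first, "dnsbl.example"))
    print("/128 listing covers", matches(CONNECTIONS, first, 128), "connection(s)")
    print("/64 listing covers", matches(CONNECTIONS, first, 64), "connection(s)")
```

The same grouping applies to a legitimate MTA using privacy extensions, so a /64-wide entry also covers every other host that shares that prefix.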