Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)

Tim Chown <tjc@ecs.soton.ac.uk> Tue, 11 November 2008 12:37 UTC

On Mon, Nov 10, 2008 at 07:04:27PM +0000, Tony Finch wrote:
> On Mon, 10 Nov 2008, Keith Moore wrote:
> >
> > okay.  I found myself wondering if the change in address space size, and
> > in granularity of assignment, might make DNSBLs less reliable.  Which is
> > a different kind of scalability.
> 
> IPv6's bigger address space affects more security mechanisms than just
> DNSBLs, such as defensive port scanning, traffic auditing, etc.
> 
> http://www.watersprings.org/pub/id/draft-chown-v6ops-port-scanning-implications-02.txt

Thanks Tony - that draft has now emerged as RFC5157:

http://www.ietf.org/rfc/rfc5157.txt

The granularity of the address space that might appear in a blacklist is
an interesting question.  I would guess that where today a single IPv4
address appears, a whole IPv6 /64 would be required, at least, since a
client on an IPv6 link could in principle use any of the 2^64 available
host addresses.  But it may be worse, if whole /48's are assigned to
DSL users for example (although there seems to be pushback to /56 for SOHO
type networks).  The question then is whether the single IPv6 address
or link it is on is blacklisted, or whether the blacklist includes the
'default' site prefix size.

On a related tack, I've been gathering stats on our recorded IPv6 transport 
mail volumes and identified spam since Dublin, and will analyse these soon 
and pop out a draft with appropriate observations.    We've seen a fairly
consistent figure of 50% of our IPv6 transport connections being classified
as spam by our MailScanner system since Dublin.

Tim
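
Added example, not part of the original message: a small Python model of the granularity question raised above, comparing list entries kept per address (/128), per link (/64) and per site prefix (/56, /48). The function names and every address (taken from the 2001:db8::/32 documentation prefix) are constructed for illustration.

```python
import ipaddress

def listing_key(addr, prefix_len):
    """Network that a listing at prefix_len would cover for this IPv6 address."""
    return ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)

def build_list(spam_sources, prefix_len):
    """Aggregate observed spam sources into list entries of one granularity."""
    return {listing_key(a, prefix_len) for a in spam_sources}

def evaluate(spam_sources, later, prefix_len):
    """Return (caught, missed, collateral) for later (addr, is_spam) connections."""
    listed = build_list(spam_sources, prefix_len)
    caught = missed = collateral = 0
    for addr, is_spam in later:
        hit = listing_key(addr, prefix_len) in listed
        if is_spam and hit:
            caught += 1          # spam source covered by an existing entry
        elif is_spam:
            missed += 1          # spam source outside every entry
        elif hit:
            collateral += 1      # legitimate sender swept up by a wide entry
    return caught, missed, collateral

# Constructed sample data: two spam connections seen from one link.
OBSERVED_SPAM = ["2001:db8:aaaa:1::a", "2001:db8:aaaa:1::b"]

# Constructed later connections as (source address, is it the spam source?).
LATER = [
    ("2001:db8:aaaa:1::c", True),      # same /64, new host address
    ("2001:db8:aaaa:2::1", True),      # same /56, different link
    ("2001:db8:aaaa:100::25", False),  # same /48, different /56, legitimate
    ("2001:db8:bbbb::1", False),       # unrelated site, legitimate
]

if __name__ == "__main__":
    for plen in (128, 64, 56, 48):
        entries = len(build_list(OBSERVED_SPAM, plen))
        print(f"/{plen}: entries={entries} "
              f"caught/missed/collateral={evaluate(OBSERVED_SPAM, LATER, plen)}")
```

With this data, per-address entries miss both later spam connections, the /64 entry catches only the one on the same link, and the /48 entry catches both at the cost of one legitimate sender.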