1 / 8

IPv6 Prefix Discovery

IPv6 Prefix Discovery. Murray S. Kucherawy <msk@cloudmark.com>. Today. IPv4-based email abuse prevention relies heavily on a database of IP addresses with “bad reputations” A database of addresses is no larger than 4.3 billion entries (of course)

silvio
Télécharger la présentation

IPv6 Prefix Discovery

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IPv6 Prefix Discovery Murray S. Kucherawy <msk@cloudmark.com>

  2. Today • IPv4-based email abuse prevention relies heavily on a database of IP addresses with “bad reputations” • A database of addresses is no larger than 4.3 billion entries (of course) • Most popular expression of these is the RBL (Realtime Block List, RFCxxxx), which is published via the DNS

  3. RBLs • Query: 1.2.3.4.rbl-root, ask for “A” • Reply: NXDOMAIN, or 127.0.0.1 • Or sometimes the octets in the reply encode reputation data • Caching and redundancy keep this functional and practical • …so far

  4. IPv6 • Vastly larger address space • Not practical to consider tracking reputation about each of them • No standard delegation size; commonly between /48 and /64 • A spammer could send junk from such a network and rarely, if ever, re-use a single address

  5. RBLs under IPv6 • Ignoring database size for a moment, this still won’t work • A spammer changing IP address quickly will mean caching of previous answers becomes useless • And other cached data will be flushed because of space limits • So this would clobber the DNS in general

  6. What’s needed • We need to be able to figure out , given an IP address, the size of the endpoint delegation • Allows address aggregation by reputation systems • Keeps the query space about the same as it is for IPv4 now • IRTF has an idea out there that allows the DNS to express IP ranges

  7. Some ideas • Publish it via WHOIS • WHOIS isn’t standard and doesn’t seem scalable • Some registrars can’t be trusted to publish real data • Get it from BGP • MTAs don’t really have access to BGP data • We’d need a standard interface to exchange it between the lower layers and the higher ones

  8. Can you help? • Does this working group’s mandate fit the idea of exploring this? • Or does it belong in some other WG? • How would you suggest we go about doing this?

More Related