[GTER] IPv6 intro creates spam-filtering nightmare

Mario Gama gama.mario at gmail.com
Mon Mar 14 09:38:14 -03 2011


Hello friends, I am forwarding this article because I believe it addresses,
and pits against each other, two subjects that always come up here on the list:
- The need for greater IPv6 adoption
- The need to fight spam

As I understand it, the article cites the lack of support for IPv6 blacklists
as a problem, and one of the experts even says that ISPs should not accept
email traffic from IPv6 networks unless it comes from known or known-safe
sources.

I am forwarding it as a provocation, really. But a healthy provocation,
aimed at a productive discussion among us. Who knows, it may even lead to an
article for the next meeting.



Original URL:
http://www.theregister.co.uk/2011/03/08/ipv6_spam_filtering_headache/
IPv6 intro creates spam-filtering nightmare

Blacklist extinction looms

By John Leyden

Posted in Spam, 8th March 2011 14:16 GMT

The migration towards IPv6, which has been made necessary by the expansion
of the internet, will make it harder to filter spam messages, service
providers warn.

The current internet protocol, IPv4, has a limited address space which is
reaching exhaustion* thanks to the fast uptake of internet technology in
populous countries such as India and China and the more widespread use of
smartphones. IPv6 promises 3.4 x 10^38 addresses compared to the paltry 4.3
billion (4.3 x 10^9) addresses offered by IPv4.

While this expansion allows far more devices to have a unique internet
address, it creates a host of problems for security service providers, who
have long used databases of known bad IP addresses to maintain blacklists of
junk mail cesspools. Spam-filtering technology typically uses these
blacklists as one (key) component in a multi-stage junk mail filtering
process that also involves examining message contents.

"The primary method for stopping the majority of spam used by email
providers is to track bad IP addresses sending email and block them – a
process known as IP blacklisting," explained Stuart Paton, a senior
solutions architect at spam-filtering outfit Cloudmark. "With IPv6 this
technique will no longer be possible and could mean that email systems would
quickly become overloaded if new approaches are not developed to address
this."

Other security technologies also track IP addresses for various purposes,
including filtering out sources of denial of service attacks, click fraud
and search engine manipulation. Tracking a vastly expanded IP address space
will make life much harder for network defenders, Paton warns.

"As an example, the address space is so large that it would be easy for
spammers to use a single IP address just once to send a single email," he
said.

The information security industry and ISPs need to collaborate on working
out how to resolve the problem in order to make sure inboxes are not flooded
with more junk mail thanks to the introduction of the new internet-address
protocol. In the meantime, Cloudmark suggests interim restriction might need
to be applied to preserve existing systems.

"Cloudmark advocates that ISPs do not initially need to be able to receive
mail from IPv6 addresses (on inbound) except from their own customers (known
as outbound)," Paton explained. "This would ensure business continuity for
ISPs and provisioning of ADSL/Cable modems to continue. This measure will
also protect the IPv4 reputation system that is currently in use and working
well."

Paul Wood, an anti-spam expert at Symantec.cloud (formerly MessageLabs),
confirmed that other security firms are also considering whether to apply
tougher controls on mail from IPv6 networks. "It [IPv6] is definitely a
real area of concern in the anti-spam community, and opinion varies on
whether businesses should accept mail on IPv6 or not for this reason," Wood
told *El Reg*. "I'm of the opinion that at least for the moment they
shouldn't, unless the connections are from a trusted source."

Email is a two-way communication protocol (unlike web browsing), so
legitimate IPv6 mail servers, outside of academia and testing environments,
will need to support IPv4 for some years. "Relatively speaking, there are
very few real mail servers in the world, so the starvation of IPv4 will not
affect them much because there will for a very long time be a resale market
in the IPv4 address space," Wood added.

Wood told *El Reg* that although the move to IPv6 is a bit of a headache for
spam-filtering, it might also make life harder for hackers hoping to take
advantage of open relays to distribute spam or mount other types of security
attacks.

"While the arrival of IPv6 is likely to eliminate the usefulness of
traditional IP-based blacklists, it is also likely to reduce the issues that
arise from port-scanning of open relays and other vulnerabilities," Wood
explained. "The IPv6 address space is so large it wouldn't be scalable from
the bad-guys perspective – the returns will diminish over time." ®

* Although the last big blocks of IPv4 address space were allocated last
month, there is plenty of assigned but unused space, estimated to be as high
as 50 per cent by some experts. That means the resale market for IPv4
addresses is likely to last several years, at minimum.
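
Paton's point about a sender using each IPv6 address only once, as an added example that is not part of the original post or the article: a hit counter keyed on exact addresses never lists the rotating sender, while keying IPv6 hits on the enclosing prefix does. The /64 granularity, the threshold of 3 and the sample connections are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter


def sample_connections():
    """Constructed (source address, content-filter verdict) pairs.

    192.0.2.0/24 and 2001:db8::/32 are documentation ranges.
    """
    conns = [("192.0.2.10", "spam")] * 5  # IPv4 host reused for every message
    # IPv6 sender inside one /64, using a fresh address for each message
    conns += [(f"2001:db8:aa:1::{i:x}", "spam") for i in range(1, 6)]
    conns += [("2001:db8:bb:2::25", "ham")]  # unrelated legitimate server
    return conns


def reputation_key(addr, v6_prefix=None):
    """Key under which hits are counted.

    With v6_prefix=None every address is its own key (classic IP blacklist).
    With v6_prefix=64 (an assumption, not from the article) IPv6 addresses
    are folded into their enclosing network.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and v6_prefix is not None:
        return str(ipaddress.ip_network(f"{ip}/{v6_prefix}", strict=False))
    return str(ip)


def build_blocklist(conns, threshold=3, v6_prefix=None):
    """List every key that reached `threshold` spam verdicts."""
    hits = Counter(
        reputation_key(addr, v6_prefix)
        for addr, verdict in conns
        if verdict == "spam"
    )
    return {key for key, count in hits.items() if count >= threshold}


def is_listed(addr, blocklist, v6_prefix=None):
    """Check a connecting address against a list built with the same keying."""
    return reputation_key(addr, v6_prefix) in blocklist


if __name__ == "__main__":
    conns = sample_connections()
    print("per-address:", sorted(build_blocklist(conns)))
    print("per-/64:    ", sorted(build_blocklist(conns, v6_prefix=64)))
```

Prefix keying trades precision for coverage: every host sharing a listed /64 inherits its reputation.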