IPv4 and the 1st of Feb 2011 – understanding what has changed and why IPv6 is closer

by

APNIC announced today that they have been allocated the final allocation made by IANA of IPv4 /8 blocks under the current framework.

Come again??  Translation:

IANA (Internet Assigned Numbers Authority) allocate blocks of IPv4 addresses to five Regional Internet Registries (RIRs) – these are shown on the map below.  These RIRs then split the IP addresses between the numerous ISPs and organizations in each region.  Each allocated block represents about 16 million IP addresses.

Today (Feb 1st) APNIC – the RIR representing the Far East and Australia region got 2 of the remaining 7 blocks.  This means there are only 5 blocks left and each RIR will automatically get one of these.  The RIRs will then start dishing out IP addresses within their regions until (deep breath) the addresses are exhausted (another deep breath).   This is estimated to occur in late 2011.

This is supremely interesting for us security oriented folks since it is yet another signal of the inevitable approach of IPv6 – bringing along some new challenges in the spam-blocking world.  A refresher:

  • IPv4 allows about 4,294,967,296 addresses
  • IPv6 allows 340,000,000,000,000,000,000,000,000,000,000,000,000 addresses.

In the messaging security universe, IPv6 will affect IP blacklists.  Blacklists are designed to filter spam at the IP address level and are based on the assumption that each zombie is attached to one IP address (or an identifiable range).

Now consider the IPv6 scenario – a zombie computer could send a single spam email from a single IPv6 address and then (with a huge range of IPs available) move on to the next address to send the next spam email.  The result – less spam per IP address, less thresholds crossed and a harder time telling who the zombies are.

Commtouch’s GlobalView Mail Reputation is covered of course – more about this in the coming months.

Go back