The impact of IPv6 on message filtering systems

Written by Yves Lacombe. Posted in Industry News

An interesting article was posted on Slashdot in December:

“As public IPv4 addresses dwindle and carriers roll out IPv6, a new problem has surfaced. We have to move through a gray phase where the only new globally routable addresses we can get are IPv6, but most public content we want to reach is still IPv4. Multiple-layers of NAT will be required to sustain the Internet for that time, perhaps for years. But use of Large Scale NAT (LSN) systems by service providers will cause problems for many applications and one of them is reputation filtering. Many security filtering systems use lists of public IPv4 addresses to identify ‘undesirable’ hosts on the Internet. As more ISPs deploy LSN systems, the effectiveness of these IPv4 filtering systems will be hurt.”

In the short term, this is definitely going to be a problem for email security companies that rely strongly on DNSBLs or reputation-based systems.

Scenario: a company NATs [1] traffic from a single external IPv4 address to a large IPv6 IP pool. If one of the machines in the IPv6 space is infected and spamming the world, the honeypots feeding any DNSBL or reputation system will classify the IPv4 address as ‘dirty’ and block anything behind it, including the rest of the IPv6 space. That’s a pretty bleak picture, since there’s been a solid shift in email security towards reputation-based services and a de-emphasis on content filtering.

The advantage of using reputation-based systems combined with DNSBLs is that you can block a considerable amount of traffic before actually accepting the complete email. In other words, the more traffic you reject at the front door, the fewer resources you need to scan messages for bad content on the back end.
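The scenario above can be modelled offline. The following is an added example, not code from the original article: it builds the query name a DNSBL client would look up (reversed octets for IPv4, reversed nibbles for IPv6, as laid out in RFC 5782) and applies a front-door check that knows only the visible source address. The zone `dnsbl.example`, the listing threshold, and all addresses and mail records are constructed for illustration.

```python
import ipaddress
from collections import Counter

ZONE = "dnsbl.example"   # hypothetical DNSBL zone
NAT_ADDR = "192.0.2.10"  # constructed: the single external IPv4 address

def dnsbl_qname(ip, zone=ZONE):
    """Query name a DNSBL client looks up: reversed octets (IPv4) or
    reversed nibbles (IPv6) prepended to the list's zone (RFC 5782)."""
    rev = ipaddress.ip_address(ip).reverse_pointer  # ends in in-addr.arpa / ip6.arpa
    return rev.rsplit(".", 2)[0] + "." + zone

def build_blocklist(honeypot_hits, threshold=3):
    """List any source address the honeypots saw at least `threshold` times."""
    counts = Counter(honeypot_hits)
    return {dnsbl_qname(ip) for ip, n in counts.items() if n >= threshold}

def front_door(inbound, blocklist):
    """Connect-time decision: only the visible source address is known."""
    tally = Counter()
    for _internal, visible, is_spam in inbound:
        verdict = "rejected" if dnsbl_qname(visible) in blocklist else "accepted"
        tally[("spam_" if is_spam else "legit_") + verdict] += 1
    return dict(tally)

# Constructed data: one infected IPv6 host behind the NAT hits the honeypots,
# but the honeypots only ever see the shared IPv4 address.
HONEYPOT_HITS = [NAT_ADDR, NAT_ADDR, NAT_ADDR]

# Constructed inbound mail: (internal host, address the receiver sees, spam?)
INBOUND = [
    ("2001:db8::11", NAT_ADDR, False),
    ("2001:db8::12", NAT_ADDR, False),
    ("2001:db8::13", NAT_ADDR, False),
    ("2001:db8::66", NAT_ADDR, True),      # the infected machine
    ("(direct)", "198.51.100.7", False),   # unrelated sender, not behind the NAT
]

if __name__ == "__main__":
    bl = build_blocklist(HONEYPOT_HITS)
    print(sorted(bl))
    print(front_door(INBOUND, bl))
```

With this data, one listing stops the single spam message and also rejects all three legitimate messages from the clean hosts sharing the address.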

Content filtering has several well-known inherent costs: it’s more CPU- and memory-intensive, and generally more prone to false positives. It costs a lot more to block a message after accepting the entire body.

However, as we slowly transition to IPv6, email security companies will have no choice but to continue enhancing their content filters, since the reliability of reputation-based systems will likely take a hit.

In other words, the transition period is going to be a real mess. Companies that have maintained strong content-filtering systems will have the upper hand, as others scramble to catch up.

References:

1. Network Address Translation: http://en.wikipedia.org/wiki/NAT

Yves Lacombe

Yves Lacombe has been working on Internet Infrastructure products for over 15 years. He is an Internet Security expert and one of his company's gurus. He has forgotten more things about Email Security than most people will ever know. He runs numerous heavily secured email servers and is constantly getting in trouble while trying to hack into his company's products. Yves has two mottos that he lives by: “The buck stops here” and “Let’s just get the job done”.