IPv6 To Complicate Threat-Intelligence Landscape
Reputation-based blacklists could face exponential growth when the number of possible Internet addresses becomes, for all practical purposes, infinite
A common type of Internet-based threat intelligence assigns reputation scores to the source of traffic, usually identified by an Internet address or domain.
Yet, with the gradual--some would say "glacial"--move to the Internet Protocol Version 6 (IPv6) address scheme, the Internet's address space will grow from merely big to nearly infinite. The vastness of the address space will cause problems for many threat-intelligence firms, from allowing attackers to use a new address for every attack to causing a rapid expansion in the size of the database needed to track the data on various sources, says Tommy Stiansen, chief technology officer for Norse, a real-time threat intelligence provider.
"IPv6 makes the whole thing interesting, because it's a lot bigger," Stiansen says. "Databases will have to be re-architected to handle the increased data. For anyone in threat intelligence, that will be the biggest challenge to overcome."
A small, but still significant, part of the Internet has adopted IPv6. While the global rate of adoption is a mere 1.6 percent, according to statistics provided by Google, about 4 percent of networks in the United States have an end-to-end implementation of IPv6. Moreover, the fraction of networks that use IPv6 is growing exponentially.
... Read the full story on Dark Reading.










