On 1/30/22 17:06, Töma Gavrichenkov wrote:
For your consideration, there's one thing that's always overlooked.
E.g. I've been talking once to a big employee of a large content
provider, and that person told me they don't enable IPv6 because doing
otherwise produces tons of comment spam.
This makes no sense at all, and is not my experience.
The thing is, we have this spam problem. This is not really the
"information security issue" you've mentioned, this is just a glimpse of
a real issue.
IPv6 is now cheap as chips. It's very dirty therefore. All kinds of
bots, spammers, password brute force programs live in there, and it's
significantly harder to correlate and ditch these with the sparse IPv6
address space.
Then you're doing it wrong. With IPv6 don't drill down more granular
than a /64 when filtering.
ISPs don't typically focus on these kinds of things but ISPs, speaking
of large ones, are also typically champions in IPv6 deployment. It's
usually content providers who don't do their stuff. And, as sad as it
gets, it's not getting away any time soon since it's there for a reason.
Comment spam isn't a valid reason to avoid deploying IPv6. Not even
remotely close to one.
--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV