On Mon, Jun 18, 2018 at 4:37 PM Mark Andrews <[email protected]> wrote: > If a ASN is announcing 2002::/16 then they are are happy to get the > traffic. It > they don’t want it all they have to do is withdraw the prefix. It is not > up to > the rest of us to second guess their decision to keep providing support. >
That sounds like an interesting attack scenario where a malicious actor can insert themselves in a path, via bgp, announcing 6to4 space > If you filter 2002::/16 then you are performing a denial-of-service attack > on > the few sites that are still using it DELIBERATELY. > > None of the problems required removing it from BGP. There were end sites > that > had firewalls that blocked 6to4 responses and the odd site that ran a > gateway > and failed to properly manage it. The rest could have been dealt with by > configuring more gateways. If every dual stacked ASN had run their own > gateways > there wouldn’t have been a scaling issue. i.e. take the 2002::/16 traffic > and > dump it onto IPv4 as soon as possible and take the encapsulated traffic > for the > rest of IPv6 and de-encapsulate it as soon as possible. > > Mark > > On 19 Jun 2018, at 8:56 am, McBride, Mack <[email protected]> > wrote: > > > > This should have been filtered before. > > Lots of people improperly implemented this so it caused issues. > > > > Mack > > > > -----Original Message----- > > From: NANOG [mailto:[email protected]] On Behalf Of John Kristoff > > Sent: Monday, June 18, 2018 3:48 PM > > To: Job Snijders <[email protected]> > > Cc: NANOG [[email protected]] <[email protected]> > > Subject: Re: Time to add 2002::/16 to bogon filters? > > > > On Mon, 18 Jun 2018 21:08:05 +0000 > > Job Snijders <[email protected]> wrote: > > > >> TL;DR: Perhaps it is time to add 2002::/16 to our EBGP bogon filters? > > > > Hi Job, > > > > I've been asking people about this recently. I don't particularly like > having misdirected traffic or badly configured hosts sending junk to those > who happen to be announcing addresses from this prefix. I'm planning on > adding this to a bogon filter here. > > > > John > > E-MAIL CONFIDENTIALITY NOTICE: > > The contents of this e-mail message and any attachments are intended > solely for the addressee(s) and may contain confidential and/or legally > privileged information. If you are not the intended recipient of this > message or if this message has been addressed to you in error, please > immediately alert the sender by reply e-mail and then delete this message > and any attachments. If you are not the intended recipient, you are > notified that any use, dissemination, distribution, copying, or storage of > this message or any attachment is strictly prohibited. > > > > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: [email protected] > >
