[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294 Sam Reed (reedy) s...@reedyboy.net changed: What|Removed |Added Blocks||35540 -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294 Marcin Cieślak marcin.cies...@gmail.com changed: What|Removed |Added CC||marcin.cies...@gmail.com --- Comment #10 from Marcin Cieślak marcin.cies...@gmail.com 2012-03-27 22:39:05 UTC --- I think blocking of IPv6 should assume /64 by default, but it should be modifiable. Probably out subnet/host block distinction should go away, even for IPv4 (just have /32 as kind of special default case). -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294 jas...@jasperswebsite.co.cc changed: What|Removed |Added CC||jas...@jasperswebsite.co.cc --- Comment #9 from jas...@jasperswebsite.co.cc 2012-01-14 23:21:58 UTC --- I've proposed a /32 as the technical maximum because GoDaddy and other webhosts get ranges of that size. I do not believe the WMF should give leniency with /80 or /96 because one single user never will have a range of that size. If a /64 represents a group, just block single addresses. The default should indeed be a /64, but we have to be careful about ISPs who issue /56, /48, and 6to4 addresses. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294 Carl Austin Bennett carlb...@hotmail.com changed: What|Removed |Added CC||carlb...@hotmail.com --- Comment #6 from Carl Austin Bennett carlb...@hotmail.com 2011-09-09 00:04:38 UTC --- I'd think that /64 is rather common due to rfc4291 [[IPv6 address#Stateless_address_autoconfiguration]] by which any individual router is given a /64 and the individual clients suffix this with a 64-bit extended MAC address or a random suffix. I've only seen a /128 once; the lowest-level of anonymous tunnel on gogo6 acts as a dynamic IP address for one Windows PC and semi-randomly allocates a different /128 from [2001:5c0:1000:a]/64 each time the PC re-connects to the network. Even there, all of their other tunnel offerings are at least a ::/64; I believe ::/64 as the smallest allocation is also true of Hurricane Electric. For that matter, my co-lo provider will be offering a ::/64 for my three servers. Oh, drats, that only leaves me with 2^64 - 3 free addresses? What if I run out? If my upstream provider only has [2605:ac00]/32 they might've assigned all four billion ::/64's by the time that happens, then I'm really in trouble! In any case, we should expect many (or even the majority) of blocks to be rangeblocks (with /64 the smallest viable) unless we're dealing with the most casual of vandalism from someone who has no idea how either wiki or IPv6 works. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294 --- Comment #7 from Jon Davis w...@konsoletek.com 2011-09-09 00:42:47 UTC --- Maybe it should be a configurable variable in LocalSettings.php, the size of the default ipv6 range block, that is. /64 is the RFC suggestion and that seems to be what most groups are handing out (so far all of mine are, HE, Linode, other providers) so for my personal wiki's I'd want to do /64 block. On the other hand the WMF may want to be more lenient and only block /80 or /96?. But yea, single IP blocks in IPv6 will be a thing of the past. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294 --- Comment #8 from Carl Austin Bennett carlb...@hotmail.com 2011-09-09 03:20:22 UTC --- Hard to know if blocking /80 or /96 makes sense... if /64 is enough to narrow down to one individual router (a LAN subnet) the lower 64 bits seem to typically be either: a) mostly zeroes, with the low word a sequential or arbitrary number identifying an individual machine using just the lower few bits as meaningful data. b) a network card's hardware MAC address or a randomly-selected number. A local network may well be 2001:db8:1234:5678::1 as router with ::2, ::3 and ::4 as the individual computers; in this case a /64 vs. a /125 actually produce the same result as all that's in all those extra bits is a whole lot of zeroes. The most likely options are: a) block one computer (a /128) - weak as the rest of the same LAN retains access b) block one individual subnet (a /64) - usually takes out one router or LAN c) a range block of anything larger (a /32 would likely block a local ISP) -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294 Ashar Voultoiz has...@free.fr changed: What|Removed |Added CC||has...@free.fr --- Comment #4 from Ashar Voultoiz has...@free.fr 2010-11-22 20:24:08 UTC --- Be careful. My ISP (free.fr) allocate a /60 per end user. A /48 mask will block 4096 end users 2^(60-48). Some companies might have a /64 dedicated to internet access. In this case you will have to block per /128 :( -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294 Aaron Schulz jschulz_4...@msn.com changed: What|Removed |Added CC||jschulz_4...@msn.com --- Comment #2 from Aaron Schulz jschulz_4...@msn.com 2010-11-22 00:51:34 UTC --- (In reply to comment #0) The current design for an IP block (in IPv4 and MediaWiki) is to block that specific IP. Problem is that IPv6 is much bigger. The recommendation is currently to issue a /64 for everything, even for a Point-to-point link. So in the case of IPv6, blocking the /128 is effectively pointless. The default when handling IPv6 addresses probably should be to block the /64. Were is this recommendation? -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294 --- Comment #3 from Brownout brovvnout+wikibugzi...@gmail.com 2010-11-22 00:58:38 UTC --- I'd start with RFC 4291 and RFC 5375. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294 Reedy s...@reedyboy.net changed: What|Removed |Added Keywords||ipv6 -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294 Brownout brovvnout+wikibugzi...@gmail.com changed: What|Removed |Added CC||brovvnout+wikibugzi...@gmai ||l.com --- Comment #1 from Brownout brovvnout+wikibugzi...@gmail.com 2010-07-06 21:39:14 UTC --- You don't necessarily want to block an entire subnet, an optional flag would be better. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
