[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294

Marcin Cieślak changed:

What|Removed|Added
CC||marcin.cies...@gmail.com

--- Comment #10 from Marcin Cieślak 2012-03-27 22:39:05 UTC ---
I think blocking of IPv6 should assume /64 "by default", but it should be modifiable. Probably our subnet/host block distinction should go away, even for IPv4 (just have /32 as kind of special default case).

--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
You are on the CC list for the bug.
___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294

Sam Reed (reedy) changed:

What|Removed|Added
Blocks||35540
[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294

jas...@jasperswebsite.co.cc changed:

What|Removed|Added
CC||jas...@jasperswebsite.co.cc

--- Comment #9 from jas...@jasperswebsite.co.cc 2012-01-14 23:21:58 UTC ---
I've proposed a /32 as the technical maximum because GoDaddy and other webhosts get ranges of that size. I do not believe the WMF should give leniency with /80 or /96 because one single user never will have a range of that size. If a /64 represents a group, just block single addresses. The default should indeed be a /64, but we have to be careful about ISPs who issue /56, /48, and 6to4 addresses.
[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294

--- Comment #8 from Carl Austin Bennett 2011-09-09 03:20:22 UTC ---
Hard to know if blocking /80 or /96 makes sense... if /64 is enough to narrow down to one individual router (a LAN subnet) the lower 64 bits seem to typically be either:

a) mostly zeroes, with the low word a sequential or arbitrary number identifying an individual machine using just the lower few bits as meaningful data.
b) a network card's hardware MAC address or a randomly-selected number.

A local network may well be 2001:db8:1234:5678::1 as router with ::2, ::3 and ::4 as the individual computers; in this case a /64 vs. a /125 actually produce the same result as all that's in all those extra bits is a whole lot of zeroes.

The most likely options are:

a) block one computer (a /128) - weak as the rest of the same LAN retains access
b) block one individual subnet (a /64) - usually takes out one router or LAN
c) a range block of anything larger (a /32 would likely block a local ISP)
[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294

--- Comment #7 from Jon Davis 2011-09-09 00:42:47 UTC ---
Maybe it should be a configurable variable in LocalSettings.php, the size of the default ipv6 range block, that is. /64 is the RFC suggestion and that seems to be what most groups are handing out (so far all of mine are, HE, Linode, other providers) so for my personal wikis I'd want to do /64 block. On the other hand the WMF may want to be more lenient and only block /80 or /96? But yea, single IP blocks in IPv6 will be a thing of the past.
[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294

Carl Austin Bennett changed:

What|Removed|Added
CC||carlb...@hotmail.com

--- Comment #6 from Carl Austin Bennett 2011-09-09 00:04:38 UTC ---
I'd think that /64 is rather common due to rfc4291 [[IPv6 address#Stateless_address_autoconfiguration]] by which any individual router is given a /64 and the individual clients suffix this with a 64-bit extended MAC address or a random suffix.

I've only seen a /128 once; the lowest-level of "anonymous" tunnel on gogo6 acts as a dynamic IP address for one Windows PC and semi-randomly allocates a different /128 from [2001:5c0:1000:a]/64 each time the PC re-connects to the network. Even there, all of their other "tunnel" offerings are at least a ::/64; I believe ::/64 as the smallest allocation is also true of Hurricane Electric.

For that matter, my co-lo provider will be offering a ::/64 for my three servers. Oh, drats, that only leaves me with 2^64 - 3 free addresses? What if I run out? If my upstream provider only has [2605:ac00]/32 they might've assigned all four billion ::/64's by the time that happens, then I'm really in trouble!

In any case, we should expect many (or even the majority) of blocks to be rangeblocks (with /64 the smallest viable) unless we're dealing with the most casual of vandalism from someone who has no idea how either wiki or IPv6 works.
[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294

--- Comment #5 from Ashar Voultoiz 2011-01-17 16:49:39 UTC ---
Rethinking about it, we might have to implement a system to collect the end user allocation size per ISP.

As an example, given an ISP with a /20 allocation and sub allocating a /60 to each of its end users. When blocking the user IP address we could whois it to find out the ISP superblock (/20 in my example) and then prompt to collect the end user allocation size (/60 in my example, could be /64 per default). The next time we try to block an end user for this ISP, we could internally look up the default end user allocation size and use /60 as a default.

Most companies would be allocated a /48 from their ISP and have a different policy. So we have to find the smallest possible block and set the default end user allocation size for this block. We should probably query the whois database from time to time to detect network changes.

Ideally, such a field should be available in the RIR databases. I have not found any plan to implement it as of January 2011.
[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294

Ashar Voultoiz changed:

What|Removed|Added
CC||has...@free.fr

--- Comment #4 from Ashar Voultoiz 2010-11-22 20:24:08 UTC ---
Be careful. My ISP (free.fr) allocates a /60 per end user. A /48 mask will block 4096 end users 2^(60-48).

Some companies might have a /64 dedicated to internet access. In this case you will have to block per /128 :(
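The per-ISP default proposed in comment #5 and the collateral count from comment #4, worked through as an added example that is not part of the thread or of MediaWiki's code. The lookup table, its documentation-space networks and every function name are assumptions; the /64 default, the /32 limit and the /60 delegation are the figures quoted in the comments.

```python
import ipaddress

# Constructed lookup table (assumption): ISP superblock -> prefix length the ISP
# delegates to each end user. All networks are in documentation space.
END_USER_PREFIX = {
    ipaddress.ip_network("2001:db8:a000::/36"): 60,  # hypothetical ISP, /60 per user
    ipaddress.ip_network("2001:db8:a800::/40"): 48,  # hypothetical nested block, /48s
}
DEFAULT_V6_PREFIX = 64  # default argued for in the thread
DEFAULT_V4_PREFIX = 32  # single-host block, the existing IPv4 behaviour
WIDEST_V6_PREFIX = 32   # widest range proposed in comment #9


def end_user_prefix(addr):
    """Delegation size recorded for addr's ISP, or the per-family default."""
    if addr.version == 4:
        return DEFAULT_V4_PREFIX
    matches = [net for net in END_USER_PREFIX if addr in net]
    if not matches:
        return DEFAULT_V6_PREFIX
    # The most specific superblock wins when entries nest.
    return END_USER_PREFIX[max(matches, key=lambda net: net.prefixlen)]


def block_range(address, prefixlen=None):
    """Network to block for address; an explicit prefixlen overrides the default."""
    addr = ipaddress.ip_address(address)
    if prefixlen is None:
        prefixlen = end_user_prefix(addr)
    if addr.version == 6 and prefixlen < WIDEST_V6_PREFIX:
        raise ValueError(f"/{prefixlen} is wider than /{WIDEST_V6_PREFIX}")
    # strict=False zeroes the host bits instead of rejecting the address.
    return ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)


def end_users_covered(block, user_prefixlen):
    """Number of end-user delegations of the given size inside block."""
    return 2 ** max(user_prefixlen - block.prefixlen, 0)


if __name__ == "__main__":
    for ip in ("2001:db8:1234:5678::2", "2001:db8:a123:4567::9", "192.0.2.7"):
        print(ip, "->", block_range(ip))
    print(end_users_covered(ipaddress.ip_network("2001:db8:a123::/48"), 60))
```

Blocking by the looked-up delegation size covers the whole end-user allocation without spilling into neighbouring customers, and `end_users_covered` gives the collateral figure an administrator would want to see before widening a block.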
[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294

--- Comment #3 from Brownout 2010-11-22 00:58:38 UTC ---
I'd start with RFC 4291 and RFC 5375.
[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294

Aaron Schulz changed:

What|Removed|Added
CC||jschulz_4...@msn.com

--- Comment #2 from Aaron Schulz 2010-11-22 00:51:34 UTC ---
(In reply to comment #0)
> The current "design" for an IP block (in IPv4 and MediaWiki) is to block that
> specific IP. Problem is that IPv6 is much bigger. The recommendation is
> currently to issue a /64 for everything, even for a Point-to-point link. So in
> the case of IPv6, blocking the /128 is effectively pointless. The default when
> handling IPv6 addresses probably should be to block the /64.

Where is this recommendation?
[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294

Reedy changed:

What|Removed|Added
Keywords||ipv6
[Bug 24294] Should block IPv6 addresses at /64 instead of /128
https://bugzilla.wikimedia.org/show_bug.cgi?id=24294

Brownout changed:

What|Removed|Added
CC||brovvnout+wikibugzi...@gmail.com

--- Comment #1 from Brownout 2010-07-06 21:39:14 UTC ---
You don't necessarily want to block an entire subnet, an optional flag would be better.