
Time to add 2002::/16 to bogon filters?

This week I began mapping IPv6 SPAM headers "Received:" and "X-Received:"
and have discovered over 50% are from:
2002:0a00:: - 2002:aff:ffff:ffff:ffff:ffff:ffff:ffff
2002:ac10:: - 2002:ac10:ffff:ffff:ffff:ffff:ffff:ffff
2002:c0A8:: - 2002:c0A8:ffff:ffff:ffff:ffff:ffff:ffff

Can anyone else confirm my findings?

Joe Klein

"inveniet viam, aut faciet" --- Seneca's Hercules Furens (Act II, Scene 1)
PGP Fingerprint: 295E 2691 F377 C87D 2841 00C1 4174 FEDF 8ECF 0CC8

On Mon, Jun 18, 2018 at 9:18 PM, Jared Mauch <jared at puck.nether.net> wrote:

> > On Jun 18, 2018, at 8:31 PM, Mark Andrews <marka at isc.org> wrote:
> >
> > If you are using 2002::/16 you are now relying on third parties.  Not
> > that it is much different to any other address where you are relying
> > on third parties.
> >
> > If one is going to filter 2002::/16 from BGP then install your own
> > gateway to preserve the functionality.
>
> It does not appear the functionality is working at present, which I think
> is the more critical point.  Taking a quick sampling of where I see the
> packets going from two different networks, it doesn't seem to be going
> where it's expected, nor is it working as expected.  These appear to be at
> best routing leaks similar to leaking rfc6761 space that should be under
> your local control.  They could also be seen as a privacy issue by taking
> packets destined to 2002::/16 somewhere unexpected and off-continent.
>
> I would expect even in the cases where it does work, it would be subject
> to the same challenges faced by people using VPN services (being blocked
> from your kids' favorite streaming services) and much poorer performance
> than native IPv4.
>
> There is also the problem noted by Wes George with 6to4 being used in DNS
> amplification, which may be interesting..
> http://iepg.org/2018-03-18-ietf101/wes.pdf
>
> I don't believe most providers are intending to offer 6to4 as a global
> service.  Even the large providers (eg: Comcast) seem to have disabled it
> ~4+ years ago.  While I know there's people on the internet that like to
> hang on to legacy things, this is one that should end.  The networks and
> devices today no longer require this sort of transition technology, and the
> networks where it's left won't want it as it will be used for various bad
> things (tm).
>
> - Jared
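The header mapping described at the top of the thread, as an added example that is not part of any post in it: pull the bracketed address out of each Received header, recover the IPv4 address that a 6to4 (2002::/16) address embeds in bits 16..47, and flag it when that IPv4 address is private or otherwise unroutable. It goes beyond the three ranges listed in the thread by checking the full RFC 1918 blocks plus the other RFC 6890 special-purpose blocks; the header lines and relay names are constructed, not real mail.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample "Received:" header values (not taken from real mail).
SAMPLE_RECEIVED = [
    "from relay1 ([2002:0a00:2::9]) by mx.example.org",    # embeds 10.0.0.2
    "from relay2 ([2002:ac10:5:1::2]) by mx.example.org",  # embeds 172.16.0.5
    "from relay3 ([2002:c0a8:101::1]) by mx.example.org",  # embeds 192.168.1.1
    "from relay4 ([2002:c000:201::1]) by mx.example.org",  # embeds 192.0.2.1 (TEST-NET-1)
    "from relay5 ([2002:808:808::1]) by mx.example.org",   # embeds 8.8.8.8 (public)
    "from relay6 ([2001:db8::1]) by mx.example.org",       # native IPv6, not 6to4
    "from relay7 ([198.51.100.7]) by mx.example.org",      # plain IPv4
]

SIXTO4 = ipaddress.ip_network("2002::/16")
# IPv4 space that should never be embedded in a 6to4 prefix seen from the public
# Internet: RFC 1918 private space plus other RFC 6890 special-purpose blocks.
BOGON_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24", "192.168.0.0/16", "198.18.0.0/15",
    "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/4", "240.0.0.0/4")]
ADDR_RE = re.compile(r"\[([0-9A-Fa-f:.]+)\]")  # the bracketed address in "from host ([addr])"

def embedded_ipv4(addr):
    """Return the IPv4 address a 6to4 address embeds, or None if addr is not 6to4."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6 or ip not in SIXTO4:
        return None
    # 2002:VVWW:XXYY::/48 -- the IPv4 address VV.WW.XX.YY sits in bits 16..47 of 128.
    return ipaddress.IPv4Address((int(ip) >> 80) & 0xFFFFFFFF)

def classify_received(header):
    """Classify one Received header: no-address / ipv4 / native / 6to4 / 6to4-bogon."""
    m = ADDR_RE.search(header)
    if not m:
        return "no-address", None
    if ipaddress.ip_address(m.group(1)).version == 4:
        return "ipv4", None
    v4 = embedded_ipv4(m.group(1))
    if v4 is None:
        return "native", None
    label = "6to4-bogon" if any(v4 in net for net in BOGON_V4) else "6to4"
    return label, str(v4)

def tally(headers):
    """Count each class across a header sample, as in the thread's mapping exercise."""
    return Counter(classify_received(h)[0] for h in headers)
```

A 6to4 source embedding private IPv4 space has no workable return path through a public relay, so such senders are a reasonable candidate for a mail-side bogon filter independent of the BGP question raised in the thread.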