[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Time to add 2002::/16 to bogon filters?
* marka at isc.org (Mark Andrews) [Tue 19 Jun 2018, 01:35 CEST]:
>If you filter 2002::/16 then you are performing a denial-of-service
>attack on the few sites that are still using it DELIBERATELY.
Find me one site with a competent admin that deliberately publishes
2002::/16 in DNS.
>None of the problems required removing it from BGP. There were end
>sites that had firewalls that blocked 6to4 responses and the odd
>site that ran a gateway and failed to properly manage it. The rest
>could have been dealt with by configuring more gateways.
Could. But hasn't. Right now it's merely a security risk.
People who used to run a gateway and competently managed it took them
down years ago when they, being competent admins, realised the utility
had run out.