[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Time to add 2002::/16 to bogon filters?

* marka at isc.org (Mark Andrews) [Tue 19 Jun 2018, 01:35 CEST]:
>If you filter 2002::/16 then you are performing a denial-of-service 
>attack on the few sites that are still using it DELIBERATELY.

Find me one site with a competent admin that deliberately publishes 
2002::/16 in DNS.

>None of the problems required removing it from BGP.  There were end 
>sites that had firewalls that blocked 6to4 responses and the odd 
>site that ran a gateway and failed to properly manage it.  The rest 
>could have been dealt with by configuring more gateways.

Could.  But hasn't.  Right now it's merely a security risk.

People who used to run a gateway and competently managed it took them 
down years ago when they, being competent admins, realised the utility 
had run out.

	-- Niels.