Re: Time to add 2002::/16 to bogon filters?

[Ca By <cb.list6 () gmail com>]

On Mon, Jun 18, 2018 at 4:37 PM Mark Andrews <marka () isc org> wrote:

> If a ASN is announcing 2002::/16 then they are are happy to get the
> traffic.  It
> they don’t want it all they have to do is withdraw the prefix.  It is not
> up to
> the rest of us to second guess their decision to keep providing support.

That sounds like an interesting attack scenario where a malicious actor can
insert themselves in a path, via bgp, announcing 6to4 space


> If you filter 2002::/16 then you are performing a denial-of-service attack
> on
> the few sites that are still using it DELIBERATELY.
>
> None of the problems required removing it from BGP.  There were end sites
> that
> had firewalls that blocked 6to4 responses and the odd site that ran a
> gateway
> and failed to properly manage it.  The rest could have been dealt with by
> configuring more gateways.  If every dual stacked ASN had run their own
> gateways
> there wouldn’t have been a scaling issue.  i.e. take the 2002::/16 traffic
> and
> dump it onto IPv4 as soon as possible and take the encapsulated traffic
> for the
> rest of IPv6 and de-encapsulate it as soon as possible.
>
> Mark
> > On 19 Jun 2018, at 8:56 am, McBride, Mack <C-Mack.McBride () charter com>
> wrote:
> > This should have been filtered before.
> > Lots of people improperly implemented this so it caused issues.
> >
> > Mack
> >
> > -----Original Message-----
> > From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of John Kristoff
> > Sent: Monday, June 18, 2018 3:48 PM
> > To: Job Snijders <job () ntt net>
> > Cc: NANOG [nanog () nanog org] <nanog () nanog org>
> > Subject: Re: Time to add 2002::/16 to bogon filters?
> >
> > On Mon, 18 Jun 2018 21:08:05 +0000
> > Job Snijders <job () ntt net> wrote:
> >
> > > TL;DR: Perhaps it is time to add 2002::/16 to our EBGP bogon filters?
> >
> > Hi Job,
> >
> > I've been asking people about this recently.  I don't particularly like
> having misdirected traffic or badly configured hosts sending junk to those
> who happen to be announcing addresses from this prefix.  I'm planning on
> adding this to a bogon filter here.
> > John
> > E-MAIL CONFIDENTIALITY NOTICE:
> > The contents of this e-mail message and any attachments are intended
> solely for the addressee(s) and may contain confidential and/or legally
> privileged information. If you are not the intended recipient of this
> message or if this message has been addressed to you in error, please
> immediately alert the sender by reply e-mail and then delete this message
> and any attachments. If you are not the intended recipient, you are
> notified that any use, dissemination, distribution, copying, or storage of
> this message or any attachment is strictly prohibited.
> >
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742              INTERNET: marka () isc org