nanog mailing list archives
Re: Time to add 2002::/16 to bogon filters?
From: Ca By <cb.list6 () gmail com>
Date: Mon, 18 Jun 2018 17:37:40 -0700
On Mon, Jun 18, 2018 at 5:31 PM Mark Andrews <marka () isc org> wrote:

> If you are using 2002::/16 you know you are relying on third parties.

I highly doubt most people using 6to4 know they are using it, let alone the arbitrary nature of its routing.

> Not that it is much different to any other address where you are relying on third parties.
>
> If one is going to filter 2002::/16 from BGP then install your own gateway to preserve the functionality.
>
>> On 19 Jun 2018, at 10:23 am, Ca By <cb.list6 () gmail com> wrote:
>>
>> On Mon, Jun 18, 2018 at 4:37 PM Mark Andrews <marka () isc org> wrote:
>>
>>> If an ASN is announcing 2002::/16 then they are happy to get the traffic. If they don't want it all they have to do is withdraw the prefix. It is not up to the rest of us to second guess their decision to keep providing support.
>>
>> That sounds like an interesting attack scenario where a malicious actor can insert themselves in a path, via bgp, announcing 6to4 space
>>
>>> If you filter 2002::/16 then you are performing a denial-of-service attack on the few sites that are still using it DELIBERATELY.
>>>
>>> None of the problems required removing it from BGP. There were end sites that had firewalls that blocked 6to4 responses and the odd site that ran a gateway and failed to properly manage it. The rest could have been dealt with by configuring more gateways. If every dual stacked ASN had run their own gateways there wouldn't have been a scaling issue. i.e. take the 2002::/16 traffic and dump it onto IPv4 as soon as possible and take the encapsulated traffic for the rest of IPv6 and de-encapsulate it as soon as possible.
>>>
>>> Mark
>>>
>>>> On 19 Jun 2018, at 8:56 am, McBride, Mack <C-Mack.McBride () charter com> wrote:
>>>>
>>>> This should have been filtered before. Lots of people improperly implemented this so it caused issues.
>>>>
>>>> Mack
>>>>
>>>> -----Original Message-----
>>>> From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of John Kristoff
>>>> Sent: Monday, June 18, 2018 3:48 PM
>>>> To: Job Snijders <job () ntt net>
>>>> Cc: NANOG [nanog () nanog org] <nanog () nanog org>
>>>> Subject: Re: Time to add 2002::/16 to bogon filters?
>>>>
>>>> On Mon, 18 Jun 2018 21:08:05 +0000 Job Snijders <job () ntt net> wrote:
>>>>
>>>>> TL;DR: Perhaps it is time to add 2002::/16 to our EBGP bogon filters?
>>>>
>>>> Hi Job,
>>>>
>>>> I've been asking people about this recently. I don't particularly like having misdirected traffic or badly configured hosts sending junk to those who happen to be announcing addresses from this prefix. I'm planning on adding this to a bogon filter here.
>>>>
>>>> John
>>>>
>>>> E-MAIL CONFIDENTIALITY NOTICE: The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited.
>>>
>>> --
>>> Mark Andrews, ISC
>>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>>> PHONE: +61 2 9871 4742 INTERNET: marka () isc org
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka () isc org
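
The following is an added example, not part of the thread or any poster's code. Before adding 2002::/16 to an EBGP filter, an operator can check which received prefixes the filter would match and which embedded IPv4 endpoints show up as 6to4 in their own flow data, separating plausible sites from misconfigured hosts. The prefixes and flow tuples are constructed samples, and the function names and the non-routable list are assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")
# IPv4 ranges that can never be a reachable 6to4 endpoint (assumed junk list).
NON_ROUTABLE_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]

def matches_bogon(prefix):
    """True if a received prefix is 2002::/16 itself or a more-specific of it."""
    net = ipaddress.ip_network(prefix, strict=False)
    return net.version == 6 and net.subnet_of(SIX_TO_FOUR)

def embedded_ipv4(addr):
    """IPv4 address carried in bits 16..47 of a 6to4 address, else None."""
    ip = ipaddress.ip_address(addr)
    return ip.sixtofour if ip.version == 6 else None

def audit_flows(flows):
    """Return ({embedded IPv4: bytes} for plausible sites, junk bytes)."""
    sites, junk = Counter(), 0
    for src, dst, nbytes in flows:
        for addr in (src, dst):
            v4 = embedded_ipv4(addr)
            if v4 is None:
                continue
            if any(v4 in n for n in NON_ROUTABLE_V4):
                junk += nbytes          # 6to4 built on an unroutable IPv4
            else:
                sites[str(v4)] += nbytes
    return dict(sites), junk

# Constructed samples using documentation address space.
RECEIVED = ["2002::/16", "2002:c000:200::/48", "2001:db8::/32", "2000::/3"]
FLOWS = [
    ("2002:c000:201::1", "2001:db8::10", 1200),   # embeds 192.0.2.1
    ("2002:c633:6407::5", "2001:db8::10", 800),   # embeds 198.51.100.7
    ("2002:c0a8:101::9", "2001:db8::10", 300),    # embeds 192.168.1.1
    ("2001:db8::20", "2002:c000:201::1", 500),
    ("2001:db8::30", "2001:db8::10", 9999),       # not 6to4
]

if __name__ == "__main__":
    print([p for p in RECEIVED if matches_bogon(p)])
    print(audit_flows(FLOWS))
```
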