nanog mailing list archives

Re: Time to add 2002::/16 to bogon filters?


From: j k <jsklein () gmail com>
Date: Mon, 18 Jun 2018 21:32:51 -0400

This week I began mapping IPv6 SPAM headers "Received:" and "X-Received:"
and have discovered over 50% are from:

10.0.0.0 – 10.255.255.255
2002:0a00:: - 2002:aff:ffff:ffff:ffff:ffff:ffff:ffff

172.16.0.0 – 172.31.255.255
2002:ac10:: - 2002:ac10:ffff:ffff:ffff:ffff:ffff:ffff

192.168.0.0 – 192.168.255.255
2002:c0A8:: - 2002:c0A8:ffff:ffff:ffff:ffff:ffff:ffff

Can anyone else confirm my findings?

Joe Klein

"inveniet viam, aut faciet" --- Seneca's Hercules Furens (Act II, Scene 1)
PGP Fingerprint: 295E 2691 F377 C87D 2841 00C1 4174 FEDF 8ECF 0CC8

On Mon, Jun 18, 2018 at 9:18 PM, Jared Mauch <jared () puck nether net> wrote:

On Jun 18, 2018, at 8:31 PM, Mark Andrews <marka () isc org> wrote:

If you are using 2002::/16 you know you are relying on third parties.  Not
that it is much different to any other address where you are relying on
third parties.

If one is going to filter 2002::/16 from BGP then install your own
gateway to preserve the functionality.

It does not appear the functionality is working at present, which I think
is the more critical point.  Taking a quick sampling of where I see the
packets going from two different networks, it doesn’t seem to be going
where it’s expected, nor is it working as expected.  These appear to be at
best routing leaks similar to leaking rfc6761 space that should be under
your local control.  They could also be seen as a privacy issue by taking
packets destined to 2002::/16 somewhere unexpected and off-continent.

I would expect even in the cases where it does work, it would be subject
to the same challenges faced by people using VPN services (being blocked
from your kids favorite streaming services) and much poorer performance
than native IPv4.

There is also the problem noted by Wes George with 6to4 being used in DNS
amplification, which may be interesting.

http://iepg.org/2018-03-18-ietf101/wes.pdf

I don’t believe most providers are intending to offer 6to4 as a global
service.  Even the large providers (eg: Comcast) seem to have disabled it
~4+ years ago.  While I know there’s people on the internet that like to
hang on to legacy things, this is one that should end.  The networks and
devices today no longer require this sort of transition technology, and the
networks where it’s left won’t want it as it will be used for various bad
things(tm).

- Jared


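To check a finding like Joe's against your own mail logs, here is an added Python example (not code from anyone in this thread): it pulls IPv6 literals out of Received:/X-Received: lines, unpacks the IPv4 address that a 2002::/16 (6to4) address embeds, and flags the ones wrapping RFC 1918 space. The header lines it scans are constructed samples and the host names are placeholders.

```python
import ipaddress
import re

# 6to4 (RFC 3056): 2002:WWXX:YYZZ::/48 embeds the IPv4 address WW.XX.YY.ZZ
SIXTO4 = ipaddress.IPv6Network("2002::/16")
# RFC 1918 space; embedded in 6to4, 172.16.0.0/12 covers 2002:ac10:: up to 2002:ac1f:ffff:...
RFC1918 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV6_LITERAL = re.compile(r"\[(?:IPv6:)?([0-9a-fA-F:.]+)\]")  # "[IPv6:2002:a00:1::1]" or "[2002:...]"

def embedded_ipv4(addr):
    """IPv4 address embedded in a 6to4 address, or None if addr is outside 2002::/16."""
    v6 = ipaddress.IPv6Address(addr)
    if v6 not in SIXTO4:
        return None
    return ipaddress.IPv4Address((int(v6) >> 80) & 0xFFFFFFFF)  # bits 16..47 of the 128

def classify_6to4(addr):
    """'not-6to4', 'rfc1918-6to4' (private source, should never reach you) or 'other-6to4'."""
    v4 = embedded_ipv4(addr)
    if v4 is None:
        return "not-6to4"
    return "rfc1918-6to4" if any(v4 in net for net in RFC1918) else "other-6to4"

def scan_received_headers(lines):
    """(literal, embedded IPv4 or None, verdict) for each IPv6 literal in Received:/X-Received: lines."""
    hits = []
    for line in lines:
        if not line.lower().startswith(("received:", "x-received:")):
            continue
        for m in IPV6_LITERAL.finditer(line):
            try:
                ipaddress.IPv6Address(m.group(1))
            except ValueError:
                continue  # bracketed IPv4 literal or junk, not an IPv6 address
            hits.append((m.group(1), embedded_ipv4(m.group(1)), classify_6to4(m.group(1))))
    return hits

def rfc1918_share(hits):
    """Fraction of the IPv6 literals seen that are 6to4 wrapping an RFC 1918 address."""
    return sum(v == "rfc1918-6to4" for _, _, v in hits) / len(hits) if hits else 0.0

# Constructed sample headers, not taken from real mail; hosts are placeholders
SAMPLE_HEADERS = [
    "Received: from relay.example (relay.example [IPv6:2002:a00:1::1]) by mx.example",
    "X-Received: from [2002:c0a8:101::1] by smtp.example",
    "Received: from [2001:db8::1] by mx.example",
    "Received: from host.example [192.0.2.10] by mx.example",
    "Received: from [2002:ac1f:ffff::1] by mx.example",
]
print(rfc1918_share(scan_received_headers(SAMPLE_HEADERS)))
```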