Re: (IETF I-D): Implications of IPv6 Addressing on Security Operations (Fwd: New Version Notification for draft-gont-opsec-ipv6-addressing-00.txt)

[Owen DeLong via NANOG <nanog () nanog org>]

As long as they have a reasonable expiry process, it could work. After all, they’re only collecting addresses to ban at 
the rate they’re actually being used to send packets.

While that’s nota. Completely effective throttle, as long as your expiry process can keep up and your TTL doesn’t 
exceed your ring buffer size, it should be theoretically OK.

Owen


> On Feb 5, 2023, at 02:44, Fernando Gont <fgont () si6networks com> wrote:
>
> Hi, All,
>
> Recently, I happened to participate in an IPv6 deployment meeting with some large content provider, and said meeting 
> included a discussion about how to mitigate some attacks using block-lists. These folks argued that they ban 
> offending IPv6 addresses as /128s, following IPv4 practices.
>
> So it seemed to me that some of the implications arising from the increased IPv6 address space were non-obvious to 
> them.  -- that has been the motivation for the publication of this document.
>
> * TXT: https://www.ietf.org/archive/id/draft-gont-opsec-ipv6-addressing-00.txt
> * HTML: https://www.ietf.org/archive/id/draft-gont-opsec-ipv6-addressing-00.html
>
> Comments welcome!
>
> P.S.: The document is targeted at the IETF opsec wg (https://www.ietf.org/mailman/listinfo/opsec), but I'll be happy 
> to discuss it on this mailing-list, off-list, or at the opsec wg mailing-list...
>
> Thanks!
>
> Regards,
> Fernando
>
>
>
>
> -------- Forwarded Message --------
> Subject: New Version Notification for draft-gont-opsec-ipv6-addressing-00.txt
> Date: Thu, 02 Feb 2023 19:48:40 -0800
> From: internet-drafts () ietf org
> To: Fernando Gont <fgont () si6networks com>, Guillermo Gont <ggont () si6networks com>
>
>
> A new version of I-D, draft-gont-opsec-ipv6-addressing-00.txt
> has been successfully submitted by Fernando Gont and posted to the
> IETF repository.
>
> Name:         draft-gont-opsec-ipv6-addressing
> Revision:     00
> Title:                Implications of IPv6 Addressing on Security Operations
> Document date:        2023-02-02
> Group:                Individual Submission
> Pages:                8
> URL: https://www.ietf.org/archive/id/draft-gont-opsec-ipv6-addressing-00.txt
> Status: https://datatracker.ietf.org/doc/draft-gont-opsec-ipv6-addressing/
> Htmlized: https://datatracker.ietf.org/doc/html/draft-gont-opsec-ipv6-addressing
>
>
> Abstract:
>   The increased address availability provided by IPv6 has concrete
>   implications on security operations.  This document discusses such
>   implications, and sheds some light on how existing security
>   operations techniques and procedures might need to be modified
>   accommodate the increased IPv6 address availability.
>
>
>
>
> The IETF Secretariat