IPv6 and ban by IP address?
In connection with the gradual transition to IPv6, there are questions about the uniqueness of the IP address. As you know, now a lot is tied to the IP address (v4): the ability to ban the offender on the forum, for example, is quite limited - the offender can be behind NAT, by banning one, you can ban all the rest of his "neighbors". Therefore, this measure is used in extreme cases. And what will happen in the case of the ubiquitous distribution of v6? Will it be possible to easily ban violators, repel DDoS attacks, etc.? After all (as far as I understand), the site will have access to a real user IP that does not affect other users from the same network. Or will they still have some way to get around this limitation? Moreover, if they can assign themselves an IP address, it will be almost impossible to ban them (without knowing their subnet)?
More to the point, there are IPv6 privacy extensions that are enabled on all systems by default. The system assigns temporary, correct, random IPv6 addresses to the interface, which are used to establish connections for an hour, after which the address is declared obsolete and the next random one is assigned. That is, any IPv6 user looks like a constantly changing address within his network.
So if you need to ban someone by address in this way, you will have to ban him by subnet; just like now in the case of IPv4 NAT, the entire network will be blocked due to one freak.
With the introduction of IPv6, NATs are not going anywhere; the only thing that can change is that ISPs can stop issuing dynamic IPs, since there are enough ranges for everyone.
I've been using IPv6 for a year now, probably three. Of course, these are all non-native addresses, but either through a broker tunnel or through 6to4.
In any case, RIPE strongly recommends issuing /64 to the end client. In the real world, they issue either one /64 or two /64 (so that routing can be simply configured; in fact, one /64 is enough, and in the LAN you route through link-local addresses), or something larger, /60 or /56. Finding out which range is given to the client is somewhat problematic; there is only logic and intuition, and, well, googling for the provider. Therefore, you need to ban the whole /64 at once.
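An added example (not part of the original answers) of the approach described above: reduce every client address to a ban key, so that rotating temporary addresses inside one /64 all hit the same entry. The /64 granularity follows the last answer; the names `ban_key` and `BanList` are hypothetical, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# Assumption: IPv4 is banned per address, IPv6 per enclosing /64.
# Wider delegations (/60, /56) are not guessed here.
V6_BAN_PREFIX = 64


def ban_key(addr: str) -> str:
    """Return the network string under which this client address is banned."""
    # Drop a zone identifier such as "%eth0" if the server passes one along.
    ip = ipaddress.ip_address(addr.split("%", 1)[0])
    if ip.version == 6:
        # Dual-stack sockets report IPv4 clients as ::ffff:a.b.c.d; treat
        # them as IPv4, otherwise the key would be the shared ::/64.
        if ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        else:
            net = ipaddress.ip_network(f"{ip}/{V6_BAN_PREFIX}", strict=False)
            return str(net)
    return str(ipaddress.ip_network(f"{ip}/32"))


class BanList:
    """In-memory ban list keyed by ban_key()."""

    def __init__(self) -> None:
        self._keys = set()

    def add(self, addr: str) -> str:
        key = ban_key(addr)
        self._keys.add(key)
        return key

    def is_banned(self, addr: str) -> bool:
        return ban_key(addr) in self._keys


if __name__ == "__main__":
    bans = BanList()
    # Constructed sample: offender seen on one temporary address.
    print("banned:", bans.add("2001:db8:1:2:1111:2222:3333:4444"))
    # An hour later the same host appears with a new interface identifier.
    print(bans.is_banned("2001:db8:1:2:9999:8888:7777:6666"))
    # A client in a neighbouring /64 is not affected.
    print(bans.is_banned("2001:db8:1:3::1"))
```

If a provider delegates a /56 or /60, the offender can still move to another /64 inside it, so a per-/64 key is a lower bound rather than a guarantee.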