On 1/30/22 17:06, Töma Gavrichenkov wrote:
For your consideration, there's one thing that's always overlooked.
E.g. I've been talking once to a big employee of a large content provider, and that person told me they don't enable IPv6 because doing otherwise produces tons of comment spam.
This makes no sense at all, and is not my experience.
The thing is, we have this spam problem. This is not really the "information security issue" you've mentioned, this is just a glimpse of a real issue.
IPv6 is now cheap as chips. It's very dirty therefore. All kinds of bots, spammers, password brute force programs live in there, and it's significantly harder to correlate and ditch these with the sparse IPv6 address space.
Then you're doing it wrong. With IPv6 don't drill down more granular than a /64 when filtering.
ISPs don't typically focus on these kinds of things but ISPs, speaking of large ones, are also typically champions in IPv6 deployment. It's usually content providers who don't do their stuff. And, as sad as it gets, it's not getting away any time soon since it's there for a reason.
Comment spam isn't a valid reason to avoid deploying IPv6. Not even remotely close to one. -- Jay Hennigan - jay@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV