On Sun, 11 Apr 2010 12:31:28 EDT, William Warren said:
On 4/3/2010 1:39 PM, Valdis.Kletnieks@vt.edu wrote:
Given that currently most stuff is dual-stack, and IPv6 isn't totally widespread, what are the effects of doing IPv6 DDoS mitigation by simply turning off IPv6 on your upstream link and letting traffic fall back to IPv4 where you have mitigation gear?
Not a valid argument. When ipv6 gets widely used then the DDOS will follow it.
Totally valid. IPv6 isn't heavily used *currently*, so it may be perfectly acceptable to deal with the mythological IPv6 DDoS by saying "screw it, turn off the IPv6 prefix, deal with customers on IPv4-only for a few hours". After all, that's *EXACTLY* the way you're doing business now - IPv4 only. So that's obviously a viable way to deal with an IPv6 DDoS - do *exactly what you're doing now*.