Hi, Daniel, On 7/2/23 21:20, Daniel Marks via NANOG wrote:
Anecdotal but I've seen hacked AWS accounts with Cloudformation scripts to create and destroy lots of tiny instances to rotate through IPv4 addresses.
As with everything, the question is always "what's the level of effort that is required". If an attacker is given the option to: 1) Hack an AWS account, and then script the creation of through-away VMs just to be able to change the IP address each time, or, 2) Stay on the same machine, and be able to (even legitimately) use 2**64 addresses without even the need to hack any terraform scripts They will probably go for #2. And aside of their choices, #1 requires more skills than #2.
Being able to rotate through IP addresses is not a new thing, I'm sure we all have networks in mind when we think of garbage/malicious traffic just over IPv4 alone.
The difference is in the scale at which this is possible with IPv6, and how high (or low) the bar is to do it.
There are some strange implementations of IPv6 that end up having a lot of dissociated users grouped together in a /64 (i.e. Linode, AT&T Wireless, etc)
Therein probably lies some good advice .. i.e., that to the extent that is possible, folks refrain from sharing the same /64 across unrelated/disassociated users. Thanks, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B B494