Request to participate in 2-min study survey on IPv6 Adoption
Dear NANOG community, My name is Smahane Amakran. Some of you might know me as, Smahena from the RIPE NCC. I am studying MBA track Business & IT. For my studies, I am researching IPv6 adoption. With my student hat on, I want to ask you two minutes to answer seven simple survey questions for my research. You can enter the survey via this link: https://forms.gle/DU5Hc6nuzBPVqzN7A The survey is anonymous and not related to the RIPE NCC. Therefore, the results will only be used in the context of my study. The survey will close *on Friday, 28 January at 16:00 UCT.* Your participation would be greatly appreciated! Kind regards, Smahane Amakran
Peace, On Thu, Jan 27, 2022, 4:38 PM Smahena Amakran <smahenamakran@gmail.com> wrote:
For my studies, I am researching IPv6 adoption.
For your consideration, there's one thing that's always overlooked. E.g. I've been talking once to a big employee of a large content provider, and that person told me they don't enable IPv6 because doing otherwise produces tons of comment spam. The thing is, we have this spam problem. This is not really the "information security issue" you've mentioned, this is just a glimpse of a real issue. IPv6 is now cheap as chips. It's very dirty therefore. All kinds of bots, spammers, password brute force programs live in there, and it's significantly harder to correlate and ditch these with the sparse IPv6 address space. ISPs don't typically focus on these kinds of things but ISPs, speaking of large ones, are also typically champions in IPv6 deployment. It's usually content providers who don't do their stuff. And, as sad as it gets, it's not getting away any time soon since it's there for a reason. -- Töma
That's just plain as* bullsh** right there. -- J. Hellenthal The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.
On Jan 30, 2022, at 19:09, Töma Gavrichenkov <ximaera@gmail.com> wrote:
Peace,
On Thu, Jan 27, 2022, 4:38 PM Smahena Amakran <smahenamakran@gmail.com> wrote: For my studies, I am researching IPv6 adoption.
For your consideration, there's one thing that's always overlooked.
E.g. I've been talking once to a big employee of a large content provider, and that person told me they don't enable IPv6 because doing otherwise produces tons of comment spam.
The thing is, we have this spam problem. This is not really the "information security issue" you've mentioned, this is just a glimpse of a real issue.
IPv6 is now cheap as chips. It's very dirty therefore. All kinds of bots, spammers, password brute force programs live in there, and it's significantly harder to correlate and ditch these with the sparse IPv6 address space.
ISPs don't typically focus on these kinds of things but ISPs, speaking of large ones, are also typically champions in IPv6 deployment. It's usually content providers who don't do their stuff. And, as sad as it gets, it's not getting away any time soon since it's there for a reason.
-- Töma
Matt Harris|Infrastructure Lead 816-256-5446|Direct Looking for help? Helpdesk|Email Support We build customized end-to-end technology solutions powered by NetFire Cloud. On Sun, Jan 30, 2022 at 7:07 PM Töma Gavrichenkov <ximaera@gmail.com> wrote:
Peace,
On Thu, Jan 27, 2022, 4:38 PM Smahena Amakran <smahenamakran@gmail.com> wrote:
For my studies, I am researching IPv6 adoption.
For your consideration, there's one thing that's always overlooked.
E.g. I've been talking once to a big employee of a large content provider, and that person told me they don't enable IPv6 because doing otherwise produces tons of comment spam.
The thing is, we have this spam problem. This is not really the "information security issue" you've mentioned, this is just a glimpse of a real issue.
IPv6 is now cheap as chips. It's very dirty therefore. All kinds of bots, spammers, password brute force programs live in there, and it's significantly harder to correlate and ditch these with the sparse IPv6 address space.
ISPs don't typically focus on these kinds of things but ISPs, speaking of large ones, are also typically champions in IPv6 deployment. It's usually content providers who don't do their stuff. And, as sad as it gets, it's not getting away any time soon since it's there for a reason.
Have you tried treating a /64 in IPv6 in the same way that you'd treat a /32 in IPv4 (and thusly, a /32 in IPv6 in the same way you'd treat larger IPv4 blocks targeting bad provider space, etc?) rather than fighting every /128? This seems to be a pretty common practice that has worked for others in dealing with abuse issues on IPv6. - mdh
On 1/30/22 17:06, Töma Gavrichenkov wrote:
For your consideration, there's one thing that's always overlooked.
E.g. I've been talking once to a big employee of a large content provider, and that person told me they don't enable IPv6 because doing otherwise produces tons of comment spam.
This makes no sense at all, and is not my experience.
The thing is, we have this spam problem. This is not really the "information security issue" you've mentioned, this is just a glimpse of a real issue.
IPv6 is now cheap as chips. It's very dirty therefore. All kinds of bots, spammers, password brute force programs live in there, and it's significantly harder to correlate and ditch these with the sparse IPv6 address space.
Then you're doing it wrong. With IPv6 don't drill down more granular than a /64 when filtering.
ISPs don't typically focus on these kinds of things but ISPs, speaking of large ones, are also typically champions in IPv6 deployment. It's usually content providers who don't do their stuff. And, as sad as it gets, it's not getting away any time soon since it's there for a reason.
Comment spam isn't a valid reason to avoid deploying IPv6. Not even remotely close to one. -- Jay Hennigan - jay@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV
Peace, On Mon, Jan 31, 2022, 11:01 PM Jay Hennigan <jay@west.net> wrote:
On 1/30/22 17:06, Töma Gavrichenkov wrote:
IPv6 is now cheap as chips. It's very dirty therefore. All kinds of bots, spammers, password brute force programs live in there, and it's significantly harder to correlate and ditch these with the sparse IPv6 address space.
Then you're doing it wrong.
You might've noticed that I'm sharing experience of someone else, not me. Also, this is exactly the kind of problem denial that made it difficult to adopt many technologies in the past. You may go to great lengths in adjusting your filtering algorithms but when e.g. (I'm making up figures now, obviously) the SNR of UGC in IPv4 is like 10x times it is in IPv6, your management would start asking questions about whether it's really the best time to invest in this rather than in another potential revenue stream. -- Töma
Yo Töma! On Tue, 1 Feb 2022 04:16:49 +0200 Töma Gavrichenkov <ximaera@gmail.com> wrote:
(I'm making up figures now, obviously)
When you base decision on imaginary figures, you get suboptimal results.
the SNR of UGC in IPv4 is like 10x times it is in IPv6
My experience, using fail2band, and spamassassin, for over a decade with IPv6, is that 100x more spam and other abuse comes from IPv4, not IPv6.
your management would start asking questions about whether it's really the best time to invest in this rather than in another potential revenue stream.
Now what would your management thinK? Then toss in that IPv6 is faster than IPv4. Dunno why, but easy to prove that for yourself. If you care to experiment, rather than make up figures. RGDS GARY --------------------------------------------------------------------------- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 gem@rellim.com Tel:+1 541 382 8588 Veritas liberabit vos. -- Quid est veritas? "If you can't measure it, you can't improve it." - Lord Kelvin
participants (7)
-
Christopher Morrow
-
Gary E. Miller
-
J. Hellenthal
-
Jay Hennigan
-
Matt Harris
-
Smahena Amakran
-
Töma Gavrichenkov