Time to add 2002::/16 to bogon filters?
Niels Bakker
niels=nanog at bakker.net
Tue Jun 19 09:15:09 UTC 2018
* marka at isc.org (Mark Andrews) [Tue 19 Jun 2018, 01:35 CEST]:
>If you filter 2002::/16 then you are performing a denial-of-service
>attack on the few sites that are still using it DELIBERATELY.
Find me one site with a competent admin that deliberately publishes
2002::/16 in DNS.
>None of the problems required removing it from BGP. There were end
>sites that had firewalls that blocked 6to4 responses and the odd
>site that ran a gateway and failed to properly manage it. The rest
>could have been dealt with by configuring more gateways.
Could. But hasn't. Right now it's merely a security risk.
People who used to run a gateway and competently managed it took them
down years ago when they, being competent admins, realised the utility
had run out.
-- Niels.
More information about the NANOG
mailing list