Time to add 2002::/16 to bogon filters?

Niels Bakker niels=nanog at bakker.net
Tue Jun 19 09:15:09 UTC 2018


* marka at isc.org (Mark Andrews) [Tue 19 Jun 2018, 01:35 CEST]:
>If you filter 2002::/16 then you are performing a denial-of-service 
>attack on the few sites that are still using it DELIBERATELY.

Find me one site with a competent admin that deliberately publishes 
2002::/16 in DNS.


>None of the problems required removing it from BGP.  There were end 
>sites that had firewalls that blocked 6to4 responses and the odd 
>site that ran a gateway and failed to properly manage it.  The rest 
>could have been dealt with by configuring more gateways.

Could.  But hasn't.  Right now it's merely a security risk.

People who used to run a gateway and competently managed it took them 
down years ago when they, being competent admins, realised the utility 
had run out.


	-- Niels.



More information about the NANOG mailing list