Scanning activity from 2620:96:a000::/48

Dobbins, Roland Roland.Dobbins at netscout.com
Tue Jul 6 10:21:34 UTC 2021



> On 6 Jul 2021, at 16:53, Tore Anderson <tore at fud.no> wrote:
> 
> I was just curious to hear if anyone else is seeing the same thing, and also
> whether or not people feel that this is an okay thing for this «Internet
> Measurement Research (SIXMA)» to do (assuming they are white-hats)?

Scanning is part of the ‘background radiation’ of the Internet, and it’s performed by various parties with varying motivations.  Of necessity, IPv6 scanning is likely to be more targeted (were you able to discern any rhyme or reason behind the observed scanning patterns?).

iACLs, tACLs, CoPP, selective QoS for various ICMPv6 types/codes, et al. should be configured in such a manner that 600pps of anything can’t cause an adverse impact to any network functions.  Because actual bad actors are unlikely to voluntarily stop, even when requested to do so.

--------------------------------------------
Roland Dobbins <roland.dobbins at netscout.com>




