This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/address-policy-wg@ripe.net/
Limitting based on IP address is not useful (Was: Re: SV: how 200 /48's fails the job [Re: [address-policy-wg] Policy proposal: #gamma IPv6 Initial Allocation Criteria])
- Previous message (by thread): SV: how 200 /48's fails the job [Re: [address-policy-wg] Policy proposal: #gamma IPv6 Initial Allocation Criteria]
- Next message (by thread): SV: how 200 /48's fails the job [Re: [address-policy-wg] Policy proposal: #gamma IPv6 Initial Allocation Criteria]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jeroen Massar
jeroen at unfix.org
Thu Apr 7 11:58:08 CEST 2005
On Thu, 2005-04-07 at 00:21 +0200, Jørgen Hovland wrote: > >> A more specific problem with this allocation policy: > >> You would expect that if a /64 is the standard allocation size of a > >> lan, then we can all start filtering on /64s instead of /128s if we > >> want to do per-ipv6 filtering, right? > > > >I don't understand what you're getting at... > > I see I was a bit unclear. > Limitation of 1 ftp connection per user, 1 registration per user on > our website and so on.. > Simple techniques to reduce abuse++ often take advantage of the one > machine to one IP address ratio with IPv4 today. With IPv6 you get > one address, or you get a billion. > You can't tell anymore cause you can grab thousand extra ips on the > /64 lan and use it for whatever you like. > We are sure going to miss this feature. Nope, even better. You *know* that the endsite falls inside the same /48, which you can lookup in whois, who owns it, then check if it is a house (avg 8 people) or a big company with indeed 10k orso users. With RFC3041 being standard, the same /64 can produce a *lot* of different IP's to your webserver or whatever connector, thus indeed for stats you might want to aggregate those. Of course you can see that an IP is based on RFC3041 by checking the relevant bits, but people could of course also make their bots do it for you. For limiting automatic requests to your website use Captcha's*. Robots can do a lot, but they can't read (yet). Thus for FTP and other services, limit per /48. You then limit per site btw and not per user, which is actually better than what you actually wanted. What if I would have a /24 and let '256 users' in. Remember also that I could have my fridge use an IP, walk there and let it order from your site etc... they are different devices with the same user, /me ;) Simply saying 'that user is the same IP' does not work, but has it ever? (NAT anyone :) Greets, Jeroen * = http://en.wikipedia.org/wiki/Captcha -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 240 bytes Desc: This is a digitally signed message part URL: </ripe/mail/archives/address-policy-wg/attachments/20050407/4262fcaf/attachment.sig>
- Previous message (by thread): SV: how 200 /48's fails the job [Re: [address-policy-wg] Policy proposal: #gamma IPv6 Initial Allocation Criteria]
- Next message (by thread): SV: how 200 /48's fails the job [Re: [address-policy-wg] Policy proposal: #gamma IPv6 Initial Allocation Criteria]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]