[anti-abuse-wg] Weird Packets from source ::0/64

Hello,

today I noticed that my IPv6 NTP server (intentionally public available) gets NTP packets
from source network ::0/64 on the WAN interface.
Source addresses are, for example:
 ::5cb2:92ff:fefe:9a47
 ::7c04:27ff:fe6b:b26b
 ::8c7c:99ff:fe38:12b6

These packets are getting dropped by my firewall but I'm curious what's happening there.
It's a very low packet rate at less than 20 Packets in an hour from about 10-12 different source addresses.
And the packets I captured with tcpdump are looking like valid NTP requests.

Sine the not-null part of the address is always 64 bits long I assume that this is maybe the result of
some sort of a "prefix NAT" stunt which is spectacular failing on a non-filtered link.


Does anyone else receive those packets? Or has an explaination what is going on there?
My NTP server is currently the only service which is targeted by these weird packets.


Greetings
 Max

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20160630/3fa51941/attachment.sig>