[125259] in North American Network Operators' Group
Re: legacy /8
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Sun Apr 11 13:40:29 2010
To: William Warren <hescominsoon@emmanuelcomputerconsulting.com>
In-Reply-To: Your message of "Sun, 11 Apr 2010 12:31:28 EDT."
<4BC1F960.3020901@emmanuelcomputerconsulting.com>
From: Valdis.Kletnieks@vt.edu
Date: Sun, 11 Apr 2010 13:39:48 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1271007588_3983P
Content-Type: text/plain; charset=us-ascii
On Sun, 11 Apr 2010 12:31:28 EDT, William Warren said:
> On 4/3/2010 1:39 PM, Valdis.Kletnieks@vt.edu wrote:
> > Given that currently most stuff is dual-stack, and IPv6 isn't totally
> > widespread, what are the effects of doing IPv6 DDoS mitigation by simply
> > turning off IPv6 on your upstream link and letting traffic fall back to IPv4
> > where you have mitigation gear?
> Not a valid argument. When ipv6 gets widely used then the DDOS will
> follow it.
Totally valid.
IPv6 isn't heavily used *currently*, so it may be perfectly acceptable to
deal with the mythological IPv6 DDoS by saying "screw it, turn off the IPv6
prefix, deal with customers on IPv4-only for a few hours". After all, that's
*EXACTLY* the way you're doing business now - IPv4 only. So that's obviously
a viable way to deal with an IPv6 DDoS - do *exactly what you're doing now*.
--==_Exmh_1271007588_3983P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFLwglkcC3lWbTT17ARAjeZAJ9d1AFpat4n152baSAkA5Yc8Gq3HwCeIPH4
9fIEJICfGd5VsxmRRcyUBCY=
=wZm+
-----END PGP SIGNATURE-----
--==_Exmh_1271007588_3983P--
