#1 2024-12-24 9:43 pm

pedigree
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
From: New Zealand
Registered: 2008-04-16
Posts: 7,104

Proposed change to IPv6 processing

I'm thinking about the way that IPv6 is handled. At the moment, all IPv6 records are aggregated to /64 as that's what most providers are allocating. Some allocate /56, some VPS providers limit it to /128, so no option is perfect.

Someone with a /64 could post a billion spam messages, each from its own IP. This was the reasoning behind the /64 aggregation.

This hasn't eventuated, not to say that it won't. The reason? The rounding is catching far too many false positives, which is both causing me a problem and is providing false positives, the one thing that I absolutely cannot tolerate.

So instead of doing the /64 aggregation, I propose IPv6 be handled as entered, at the /128.

For those that wish to limit the IPv6 to a larger subnet, the /64, then another result field will be listed to include the aggregated results.

This could be another field in the results, or the results can be forced to the subnet based on a new parameter, something like &aggregateip.

Ideas? Comments?

Offline
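Added example, not part of the original post and not the site's own code: a sketch of the lookup proposed above, where a query matches the address as entered (/128) by default and reports the /64 total in a separate field only when asked. The function names, the `aggregate` flag (standing in for the suggested `&aggregateip`), the result field names and the sample reports (documentation prefix 2001:db8::/32) are all assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample reports, not real data.
REPORTS = [
    "2001:db8:aa:1::10",
    "2001:db8:aa:1::10",
    "2001:db8:aa:1::11",
    "2001:db8:bb:2::1",
]

def key_for(addr, prefix_len):
    """Network containing addr at prefix_len (128 means 'as entered').

    strict=False masks the host bits, and parsing normalises the text form,
    so 2001:0db8:00aa:0001::0010 and 2001:db8:aa:1::10 give the same key.
    """
    return ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)

def build_index(reports, prefix_len):
    """Count reports per network at the given prefix length."""
    return Counter(key_for(r, prefix_len) for r in reports)

def lookup(addr, reports, aggregate=False):
    """Hypothetical query: exact /128 count, plus the /64 count if requested."""
    result = {
        "ip": str(ipaddress.ip_address(addr)),
        "count": build_index(reports, 128)[key_for(addr, 128)],
    }
    if aggregate:
        net = key_for(addr, 64)
        result["subnet"] = str(net)
        result["subnet_count"] = build_index(reports, 64)[net]
    return result

if __name__ == "__main__":
    # A never-reported neighbour in the same /64 as a reported address.
    neighbour = "2001:db8:aa:1::99"
    print(lookup(neighbour, REPORTS))                  # exact match only
    print(lookup(neighbour, REPORTS, aggregate=True))  # adds the /64 view
```

With /64 rounding as the default, the unreported neighbour would inherit all three reports from its subnet; with /128 as the default it returns zero and the subnet total becomes opt-in information.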

#2 2024-12-25 1:03 am

Alex Kemp
Moderator
From: Nottingham, England
Registered: 2009-12-02
Posts: 2,457

Re: Proposed change to IPv6 processing

Obviously, arrange your server storage to what makes sense at your end, but try to keep entry requirements for search as simple as possible (I understand IP addressing pretty damn good, yet still have problems wrapping my head around IPv6, so god knows what it is like for others with less exposure).

Offline

#3 2024-12-25 8:09 am

BlueEyed Zebra
Member
Registered: 2023-09-27
Posts: 15

Re: Proposed change to IPv6 processing

I aggregate all IPs with a lot of other lists for ipset. Smaller subnets would mean that I have to aggregate more times; 3 or 4 runs with 100k IPs make no real difference for me. And if it will result in more single IPs: There are people out there who toss in a bunch of blacklists from firehol without aggregating into the firewall, resulting in ridiculously large sets, and it still works fast and without problems.
A /128 would not be a problem for iptables users.

My hoster (netcup) gave me 65k IPv6.

,,,^..^(")

Offline
