Apparently Dreamhost ISP has only one IPv6 /64 for the entirely of their DreamCompute hosted network, so when someone misbehaves on any part of it, a lot of security filters and blocklists just drop the /64 or /56 because a typical attacker would just ...
-
Apparently Dreamhost ISP has only one IPv6 /64 for the entirely of their DreamCompute hosted network, so when someone misbehaves on any part of it, a lot of security filters and blocklists just drop the /64 or /56 because a typical attacker would just be able to move around inside it otherwise. Which sucks for users like me with good server hygiene. #IPv6 #Dreamhost
-
@vees I often wonder if people blocking an entire /64 or /56 have any idea how many systems they may be blocking by doing that.
If you use DHCPv6, you are likely supplying #ipv6 addresses to potentially thousands of computers on the same /64.
Maybe that is what they want to do. Maybe not. But to assume that a /64 is given to one computer/server/home etc. can be wrong a lot.
-
@doachs Human beings can't truly comprehend geologic time, atomic scale, or IPv6 address space
-
@vees
#IPv6 blocklists have settled on /64 as a single host typically has a /64 subnet.@beasts shared their learnings here https://youtu.be/ZqNYogK7B-w?si=WHUPFPP7CINbt7p-
-