IPv6 ingress filtering

Townsley.net mark at townsley.net
Tue May 14 17:29:25 CEST 2019


https://tools.ietf.org/html/rfc7526

- Mark

> On 14 May 2019, at 17:24, Amos Rosenboim <amos at oasis-tech.net> wrote:
> 
> Hello,
>  
>  
> As we are trying to tighten the security for IPv6 traffic in our network, I was looking for a reference IPv6 ingress filter.
> I came up with Job Snijders' suggestion (thank you Job) that can be conveniently found at whois -h whois.ripe.net fltr-martian-v6
>  
> After applying the filter I noticed some traffic from 6to4 addresses (2002::/16) to our native IPv6 prefixes (residential users in this case).
> The traffic is a mix of both UDP and TCP but all on high port numbers on both destination and source.
> It seems to me like some P2P traffic, but I really can’t tell.
>  
> This got me thinking, why should we filter these addresses at all?
> I know 6to4 is mostly dead, but is it inherently bad?
>  
> And if so, why is the prefix (2002::/16) still being routed?
>  
> Thanks,
>  
> Amos Rosenboim
> -- 
>  
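
One way to triage the 2002::/16 hits described in the question above, added here as an example and not part of either poster's message: a 6to4 address carries the sender's IPv4 address in the 32 bits after 2002::/16, so decoding it shows which IPv4 hosts are behind the traffic and flags embedded addresses that are not globally routable. The flow tuples, the 2001:db8::/32 destination prefix and the function name triage are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

SIXTOFOUR = ipaddress.ip_network("2002::/16")

# Constructed sample flows (src, dst, proto, sport, dport); not real traffic.
# Destinations use the 2001:db8::/32 documentation prefix as a stand-in
# for the operator's native prefixes.
FLOWS = [
    ("2002:808:808::1", "2001:db8:100::10", "udp", 51413, 49160),
    ("2002:808:808::1", "2001:db8:100::22", "tcp", 50012, 61234),
    ("2002:a01:203::1", "2001:db8:100::10", "udp", 49999, 52000),
    ("2001:db8:200::5", "2001:db8:100::10", "tcp", 40000, 443),
]


def triage(flows):
    """Summarise flows whose source lies in 2002::/16.

    Returns (counts, suspicious): counts maps each embedded IPv4 address
    to its number of flows; suspicious lists (src, embedded_v4) pairs
    whose embedded IPv4 address is not globally routable.
    """
    counts = Counter()
    suspicious = []
    for src, _dst, _proto, _sport, _dport in flows:
        addr = ipaddress.ip_address(src)
        if addr.version != 6 or addr not in SIXTOFOUR:
            continue  # native IPv6 (or IPv4) source, outside this check
        v4 = addr.sixtofour  # IPv4 address taken from bits 16..47
        counts[str(v4)] += 1
        if not v4.is_global:
            # An RFC 1918 or otherwise non-global embedded address
            # cannot be a legitimate 6to4 origin.
            suspicious.append((src, str(v4)))
    return counts, suspicious


if __name__ == "__main__":
    counts, suspicious = triage(FLOWS)
    for v4, n in counts.most_common():
        print(f"{v4}: {n} flow(s)")
    for src, v4 in suspicious:
        print(f"non-global embedded IPv4: {src} -> {v4}")
```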

More information about the ipv6-ops mailing list