Re: ddos attacks

[Jon Lewis <jlewis () lewis org>]

On Thu, 19 Dec 2013, Lee Howard wrote:

> > > > I am strongly considering having my upstreams to simply rate limit ipv4
> > > > UDP. It is the simplest solution that is proactive.
> > >
> > > What are the prospects for ipv6 UDP not suffering the same fate?
> >
> > Roughly 0%, but there's so little v6 traffic compared to v4, you probably
> > don't have to worry about v6 attack traffic yet...particularly if you're
> > not dual stack yet.  :)
>
>
> -1 uninsightful
>
> Can't find any public data showing IPv6 as a percent of total bits, but
> it's certainly a meaningful percent of hits in many countries and networks.
>
> See also
> http://tools.ietf.org/html/draft-gont-opsec-ipv6-implications-on-ipv4-nets-
> 00 which describes risks from IPv6 to people who think they are running an
> IPv4-only network.

Apparently your humor detector is defective.  It was meant as a jab at 
the poor adoption of IPv6.  I'd hope that most people on NANOG would know 
if they're actually doing any IPv6.

I know there's more v6 where I am now, but at a previous employer, out of 
hundreds of hosting and colo customers, I think the ones who'd even asked 
about IPv6 could be counted on my fingÂers, and the ones actually doing v6 
on one hand.

AFAIK, my cable internet provider still isn't offering it...so if I wanted 
it at home, I'd have to tunnel someplace else.

----------------------------------------------------------------------
 Jon Lewis, MCP :)           |  I route
                             |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________