This week I began mapping IPv6 SPAM headers "Received:" and "X-Received:" and have discovered over 50% are from:
10.0.0.0 – 10.255.255.255          2002:0a00:: - 2002:aff:ffff:ffff:ffff:ffff:ffff:ffff
172.16.0.0 – 172.31.255.255        2002:ac10:: - 2002:ac10:ffff:ffff:ffff:ffff:ffff:ffff
192.168.0.0 – 192.168.255.255      2002:c0A8:: - 2002:c0A8:ffff:ffff:ffff:ffff:ffff:ffff

Can anyone else confirm my findings?

Joe Klein

"inveniet viam, aut faciet" --- Seneca's Hercules Furens (Act II, Scene 1)
PGP Fingerprint: 295E 2691 F377 C87D 2841 00C1 4174 FEDF 8ECF 0CC8

On Mon, Jun 18, 2018 at 9:18 PM, Jared Mauch <ja...@puck.nether.net> wrote:

> > On Jun 18, 2018, at 8:31 PM, Mark Andrews <ma...@isc.org> wrote:
> >
> > If you are using 2002::/16 you know are relying on third parties. Not that it is much
> > different to any other address where you are relying on third parties.
> >
> > If one is going to filter 2002::/16 from BGP then install your own gateway to preserve
> > the functionality.
>
> It does not appear the functionality is working at present, which I think
> is the more critical point. Taking a quick sampling of where I see the
> packets going from two different networks, it doesn’t seem to be going
> where it’s expected, nor is it working as expected. These appear to be at
> best routing leaks similar to leaking rfc6761 space that should be under
> your local control. They could also be seen as a privacy issue by taking
> packets destined to 2002::/16 somewhere unexpected and off-continent.
>
> I would expect even in the cases where it does work, it would be subject
> to the same challenges faced by people using VPN services (being blocked
> from your kids' favorite streaming services) and much poorer performance
> than native IPv4.
>
> There is also the problem noted by Wes George with 6to4 being used in DNS
> amplification, which may be interesting.
>
> http://iepg.org/2018-03-18-ietf101/wes.pdf
>
> I don’t believe most providers are intending to offer 6to4 as a global
> service. Even the large providers (eg: Comcast) seem to have disabled it
> ~4+ years ago. While I know there’s people on the internet that like to
> hang on to legacy things, this is one that should end. The networks and
> devices today no longer require this sort of transition technology, and the
> networks where it’s left won’t want it as it will be used for various bad
> things(tm).
>
> - Jared
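
An added example, not part of any message in this thread: it decodes the IPv4 address embedded in each 2002::/16 (6to4) address found in `Received:` and `X-Received:` headers and flags the ones that fall in the RFC 1918 blocks. The function name `sixtofour_hops` and the sample message, hostnames and addresses are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Runs of hex digits and colons that are not glued to other text.
_TOKEN = re.compile(r"(?<![0-9A-Za-z:.])[0-9A-Fa-f:]+(?![0-9A-Za-z:.])")

def sixtofour_hops(raw_message):
    """Return (ipv6, embedded_ipv4, is_rfc1918) for every 6to4 address
    seen in the Received: and X-Received: headers of raw_message."""
    msg = message_from_string(raw_message)
    hops = []
    for name in ("Received", "X-Received"):
        for value in msg.get_all(name, []):
            # Drop the "IPv6:" address-literal tag so the address stands alone.
            text = re.sub(r"(?i)ipv6:", " ", value)
            for token in _TOKEN.findall(text):
                if token.count(":") < 2:
                    continue
                try:
                    addr = ipaddress.IPv6Address(token)
                except ValueError:
                    continue  # e.g. the 21:18:00 in the date stamp
                v4 = addr.sixtofour  # None unless addr is in 2002::/16
                if v4 is not None:
                    private = any(v4 in net for net in RFC1918)
                    hops.append((str(addr), str(v4), private))
    return hops

# Constructed sample message (hostnames and addresses are made up).
SAMPLE = """\
Received: from relay.example.net (unknown [IPv6:2002:c0a8:101::25])
 by mx.example.org with ESMTP id 4A1B2C; Mon, 18 Jun 2018 21:18:00 -0400
X-Received: by 2002:a00:5:0:0:0:0:1 with SMTP id x1; Mon, 18 Jun 2018 21:17:58 -0400
Received: from mail.example.com ([IPv6:2002:c000:204::1])
 by relay.example.net; Mon, 18 Jun 2018 21:17:50 -0400
Received: from host.example.com ([IPv6:2001:db8::1])
 by mail.example.com; Mon, 18 Jun 2018 21:17:45 -0400
Subject: constructed sample

body
"""

if __name__ == "__main__":
    for v6, v4, private in sixtofour_hops(SAMPLE):
        print(f"{v6:<22} -> {v4:<12} {'RFC 1918' if private else 'public'}")
```

Results come back grouped by header name (all `Received:` values first, then `X-Received:`), and non-6to4 addresses such as 2001:db8::1 are skipped.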