←back to thread

Ban me at the IP level if you don't like me

(boston.conman.org)
597 points classichasclass | 6 comments | 25 Aug 25 04:23 UTC | HN request time: 0.001s | source | bottom
Show context
ta8645 ◴[25 Aug 25 06:02 UTC] No.45010694[source]
If ipv6 ever becomes a thing, it'll make blocking all that much harder.
replies(3): >>45010765 #>>45010843 #>>45011858 #
1. rnhmjoj ◴[25 Aug 25 06:27 UTC] No.45010843[source]
No, it's really the same thing with just different (and more structured) prefix lengths. In IPv4 you usually block a single /32 address first, then a /24 block, etc. In IPv6 you start with a single /128 address, a single LAN is /64, an entire site is usually /56 (residential) or /48 (company), etc.
replies(2): >>45011168 #>>45015011 #
2. withinboredom ◴[25 Aug 25 07:14 UTC] No.45011168[source]
Hmmm... that isn't my experience:

/128: single application

/64: single computer

/56: entire building

/48: entire (digital) neighborhood

replies(1): >>45011325 #
3. rnhmjoj ◴[25 Aug 25 07:44 UTC] No.45011325[source]
A /64 is the smallest network on which you can run SLAAC, so almost all VLANs should use this. /56 and /48 for end users is what RIRs are recommending, in reality the prefixes are longer, because ISPs and hosting providers wants you to pay like IPv6 space is some scarse resource.

[1]: https://www.ripe.net/publications/docs/ripe-690/

replies(1): >>45011631 #
4. withinboredom ◴[25 Aug 25 08:36 UTC] No.45011631{3}[source]
Everyone at my isp is issued a /56 (and as far as I can tell, the entire country is this way).
5. Arnavion ◴[25 Aug 25 15:36 UTC] No.45015011[source]
Note that for the sake of blocking internet clients, there's no point blocking a /128. Just start at /64. Blocking a /128 is basically useless because of SLAAC.
replies(1): >>45025378 #
6. Avamander ◴[26 Aug 25 12:04 UTC] No.45025378[source]
Some cloud providers only give out /128 so it's fair to start blocking just a /128 at first.