by magila
3488 days ago
Per-IP rate limiting with IPv6 is a futile gesture against any attacker more sophisticated than a kid in his parent's basement. It doesn't take much effort to get a /48 while most ISPs are handing out /64s to their customers. This leaves rate limiters in a catch-22: Are all those requests coming from a given /48 a single attacker, or a bunch of Comcast users? It's impossible to tell without maintaining a table of what the "end user" allocation size is for a particular IP range, which would be a massive, never-ending task.
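An added example, not part of the comment above: a small Python sketch of the aggregation problem it describes, counting the same traffic under /128, /64 and /48 rate-limit keys. The addresses (from the 2001:db8::/32 documentation range), the limit of 50 and the function names are all constructed for illustration.

```python
import ipaddress
from collections import Counter

def bucket(addr: str, prefix_len: int) -> str:
    """Rate-limit key: the enclosing IPv6 network of the given prefix length."""
    return str(ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False))

def throttled_keys(requests, prefix_len, limit):
    """Return the set of keys whose request count exceeds the limit."""
    counts = Counter(bucket(a, prefix_len) for a in requests)
    return {key for key, n in counts.items() if n > limit}

# Constructed traffic, 200 requests each.
# One client that holds a whole /48 and uses a different /64 per request.
single_source = [f"2001:db8:aaaa:{i:x}::1" for i in range(200)]
# 200 separate subscribers, one /64 each, all inside one /48, one request each.
many_users = [f"2001:db8:bbbb:{i:x}::1" for i in range(200)]

def compare(limit: int = 50):
    """Show which keys get throttled for each traffic set at each key width."""
    return {
        plen: {
            "single_source": throttled_keys(single_source, plen, limit),
            "many_users": throttled_keys(many_users, plen, limit),
        }
        for plen in (128, 64, 48)
    }

if __name__ == "__main__":
    for plen, sets in compare().items():
        print(f"/{plen}: single_source={sorted(sets['single_source'])} "
              f"many_users={sorted(sets['many_users'])}")
```

Keyed on /128 or /64, neither traffic set trips the limit; keyed on /48, both do, and the limiter cannot tell the single client from the 200 subscribers.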