|
|
|
|
|
|
by blechschmidt
3304 days ago
|
|
|
Blocking a /64 is not even enough in many cases. I know a couple of server providers handing out a /48 per server. If routing is done the right way, you can pretty easily randomize your source address by making use of features like AnyIP and add a whole prefix to your network interface. I have written a small tool to demonstrate this: https://github.com/blechschmidt/freebind Solutions to this problem that try to avoid penalizing other users sharing a prefix will certainly be interesting. Some approaches ban per /128 and extend this ban to a /64 if two or three addresses within the /64 got banned. |
|
|