by aranelsurion
868 days ago
One potential scenario is bypassing rate limits, enabling abuse, scraping, etc. because of the large IP blocks each customer is granted, and seemingly the lack of standardization there. The assumption of there being a finite amount of IPs to cycle for an attack doesn’t entirely hold with IPv6, and it seems like not all software is configured to take that into account. Explained here better: https://adam-p.ca/blog/2022/02/ipv6-rate-limiting/
The naive suggestion for IPv6 in that article is what I first thought: block a /64, but since that might still be too cheap, it also quotes a more robust algo of dynamically expanding the blocking scope.
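
As an added example (not part of this thread or the linked article), here is one way a rate limiter could key IPv6 clients by /64 and widen the block when several sibling prefixes misbehave. The prefix ladder, thresholds and the `ExpandingLimiter` name are assumptions, and the counters cover a single window.

```python
import ipaddress
from collections import defaultdict

# Assumed policy values, chosen for illustration only.
LADDER = (64, 56, 48)   # IPv6 prefix lengths, narrowest scope first
LIMIT = 3               # requests allowed per narrowest-scope key
ESCALATE_AFTER = 2      # blocked child prefixes before the parent is blocked


def prefix(addr, length):
    """Return the network of the given length that contains addr."""
    return str(ipaddress.ip_network(f"{addr}/{length}", strict=False))


class ExpandingLimiter:
    def __init__(self):
        self.hits = defaultdict(int)              # /64 or IPv4 /32 -> request count
        self.blocked = set()                      # blocked networks at any rung
        self.blocked_children = defaultdict(set)  # parent -> blocked child prefixes

    def keys(self, addr):
        """Rate-limit keys for addr: one /32 for IPv4, the ladder for IPv6."""
        ip = ipaddress.ip_address(addr)
        if ip.version == 4:
            return [prefix(ip, 32)]
        return [prefix(ip, n) for n in LADDER]

    def allow(self, addr):
        keys = self.keys(addr)
        if any(k in self.blocked for k in keys):
            return False
        # Count per /64, so cycling through the low 64 bits gains nothing.
        self.hits[keys[0]] += 1
        if self.hits[keys[0]] <= LIMIT:
            return True
        self._block(keys, 0)
        return False

    def _block(self, keys, i):
        """Block keys[i]; widen to the parent once enough siblings are blocked."""
        self.blocked.add(keys[i])
        if i + 1 < len(keys):
            parent = keys[i + 1]
            self.blocked_children[parent].add(keys[i])
            if len(self.blocked_children[parent]) >= ESCALATE_AFTER:
                self._block(keys, i + 1)
```

A client rotating through addresses in one /64 shares a single counter, and a client rotating through /64s inside a delegated /56 trips the wider block after `ESCALATE_AFTER` of them are blocked.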