by xyst 844 days ago
> if the ip address that created the link shortener accesses the link, they get the real redirect, and if a different ip address accesses it

If there’s anything I have learned about IP based blocking, it’s very unreliable. Especially in a NAT’d world.

Great you “shadowbanned” an IP, but you also impacted many other people and devices behind that public IP including the bad actor.

IPv6 is supposed to make NAT irrelevant, but adoption is still very low despite IPv4 having been deprecated more than two decades ago.

4 comments

IPv6 doesn’t solve this really. You’ll still ban at least /64 and you’ll switch to /48 for the particularly nasty ones. There’s zero reason to ban a specific ipv6 address.
> You’ll still ban at least /64 and you’ll switch to /48 for the particularly nasty ones.

The entire /64 will nearly always be a single ISP customer, not thousands of customers behind one address as it can be for IPv4. And you can start by banning the /64 and then widen the mask, say, 4 bits at a time if abusive traffic continues from an adjacent range. It's not that hard to automate this. Then the /48 gets blocked only if you see abusive traffic from multiple ranges within it, implying that the whole range is controlled by the attacker, or that ISP does nothing about abusive customers, which is nearly the same thing.

> Great you “shadowbanned” an IP, but you also impacted many other people and devices behind that public IP

In this scenario it doesn't matter. Some user might be able to access the malware still, but that's better than not blocking it at all.
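The escalation described in the reply above (block the /64 first, widen the mask 4 bits at a time when abuse also arrives from an adjacent range, never beyond the /48) as an added Python example; this is not code from the thread, and the prefix bounds, step size and class names are assumptions:

```python
import ipaddress

# Assumed policy values (not from the thread): start at a single-customer /64,
# widen 4 bits per step, and never block anything wider than a /48.
START_PREFIX = 64
FLOOR_PREFIX = 48
STEP = 4


class PrefixBlocker:
    """Tracks abusive IPv6 sources and merges blocks into wider prefixes."""

    def __init__(self):
        self.blocked = set()  # set of ipaddress.IPv6Network

    def is_blocked(self, ip):
        addr = ipaddress.IPv6Address(ip)
        return any(addr in net for net in self.blocked)

    def report_abuse(self, ip):
        """Record abuse from ip and return the network that now blocks it."""
        addr = ipaddress.IPv6Address(ip)
        for net in self.blocked:
            if addr in net:
                return net  # already covered by an existing block
        new = ipaddress.IPv6Network((addr, START_PREFIX), strict=False)
        # Widen one step at a time while the next wider range already holds
        # a block, i.e. abuse has come from an adjacent range as well.
        while new.prefixlen > FLOOR_PREFIX:
            wider = new.supernet(new_prefix=new.prefixlen - STEP)
            adjacent = [n for n in self.blocked if n.subnet_of(wider)]
            if not adjacent:
                break
            for n in adjacent:
                self.blocked.remove(n)  # fold the smaller blocks into the wider one
            new = wider
        self.blocked.add(new)
        return new
```

A single abusive /64 never widens on its own; the mask only grows when a second report lands in the neighbouring range, so the /48 is reached only after abuse has been seen across several of its sub-ranges.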

Is IPv4 actually deprecated?

And IMHO, NAT won the fight against IPv6 because it’s backward compatible.

Sorry for noob question but what does NAT and NAT’d mean in this context?