by baq 844 days ago
IPv6 doesn’t solve this really. You’ll still ban at least /64 and you’ll switch to /48 for the particularly nasty ones. There’s zero reason to ban a specific IPv6 address.
1 comment

> You’ll still ban at least /64 and you’ll switch to /48 for the particularly nasty ones.

The entire /64 will nearly always be a single ISP customer, not thousands of customers behind one address as it can be for IPv4. And you can start by banning the /64 and then widen the mask, say, 4 bits at a time if abusive traffic continues from an adjacent range. It's not that hard to automate this. Then the /48 gets blocked only if you see abusive traffic from multiple ranges within it, implying that the whole range is controlled by the attacker, or that the ISP does nothing about abusive customers, which is nearly the same thing.
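
One way to automate the widening described in the reply above, as an added example that is not part of the thread. The class name, the constants and the sample addresses (taken from the 2001:db8::/32 documentation prefix) are assumptions made for illustration.

```python
import ipaddress

START, STEP, WIDEST = 64, 4, 48  # ban a /64 first, widen 4 bits per step, stop at /48


class EscalatingBans:
    """Hypothetical ban list: a ban grows only when abuse shows up right next to it."""

    def __init__(self):
        self.bans = set()  # set of ipaddress.IPv6Network

    def is_banned(self, addr):
        ip = ipaddress.IPv6Address(addr)
        return any(ip in net for net in self.bans)

    def report_abuse(self, addr):
        """Record abusive traffic from addr and return the network now covering it."""
        ip = ipaddress.IPv6Address(addr)
        for net in self.bans:
            if ip in net:
                return net  # already covered, nothing to widen
        # "Adjacent" here means: inside an existing ban once it is widened by one step.
        for net in sorted(self.bans, key=lambda n: n.prefixlen):
            if net.prefixlen <= WIDEST:
                continue  # never grow past /48
            wider = net.supernet(new_prefix=max(net.prefixlen - STEP, WIDEST))
            if ip in wider:
                # Replace every ban swallowed by the wider range with the range itself.
                self.bans = {b for b in self.bans if not b.subnet_of(wider)}
                self.bans.add(wider)
                return wider
        # No neighbouring ban: this is a new customer range, start at /64.
        fresh = ipaddress.IPv6Network((ip, START), strict=False)
        self.bans.add(fresh)
        return fresh


if __name__ == "__main__":
    bans = EscalatingBans()
    # Constructed sample traffic, in arrival order.
    for src in ["2001:db8:0:1::5", "2001:db8:0:2::1", "2001:db8:0:10::1",
                "2001:db8:0:100::1", "2001:db8:0:1000::1", "2001:db8:0:abcd::1"]:
        print(src, "->", bans.report_abuse(src))
```

A source far from any existing ban gets its own /64 rather than widening an unrelated one, so reaching the /48 takes abuse from several ranges inside it.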