XMPP Service Operators - 2023-07-05


  1. sagaracharya

    Exactly the same issue I see

  2. sagaracharya

    An IPv6 address space has 1 ip for each grain of sand on earth

  3. sagaracharya

    In such a case, how can one make sure that in public space, bot attacks won't happen?

  4. sagaracharya

    If I have a blacklisting kind of logic where I ban IPs, it can grow till my server finds it impossible to manage the list of IPs.

  5. jonas’

    generally, with IPv6, you ban entire subnets. /64 is commonly assigned to a single "user", customer or tenant.

  6. radovan

    IP blocking is usually a nice to have, you should still have actual tactful security behind it

  7. jonas’

    so you'd start with /64, and if you find adjacent networks to also be problematic, you gradually escalate the prefix length

  8. jonas’

    (keeping the whois information in mind to not go beyond ISP boundaries)

  9. sagaracharya

    Even with such a subset assigned, how many IPs are we talking about?

  10. sagaracharya

    Even after banning it, the resultant search set is very high, right?

  11. sagaracharya

    > so you'd start with /64, and if you find adjacent networks to also be problematic, you gradually escalate the prefix length

    But wouldn't this even ban unrelated computers

  12. sagaracharya

    computers?

  13. sagaracharya

    So say, my neighbour has [a,b] IPs. I have [b,c]. My neighbour engages in bot attacks but I don't. Even I will be banned in that case!

  14. jonas’

    yes.

  15. jonas’

    it's not perfect, same can happen with IPv4 with carrier grade NAT though

  16. jonas’

    that's the issue with IP bans

  17. jonas’

    IPv6 just makes it more explicit and workaroundable really (you could add exceptions if users complain)

  18. jonas’

    IPv6 just makes it more explicit and workaroundable really (you could add exceptions if users complain, can't add exceptions for individual users behind CGN)

  19. sagaracharya

    4,29,49,67,296 values are extremely manageable on a program. One can easily ban and prioritize individuals

  20. sagaracharya

    If one can fix IPv6 addresses, then one can whitelist

  21. sagaracharya

    My ISP, Jio, keeps a stable IPv6 but if I switch off the router and switch it on again, the address changes

  22. Menel

    I've daily new ips by default.. That's the thing with ips... It is only a small part of your strategy.

  23. sagaracharya

    Menel: v6 or v4?

  24. Menel

    Both

  25. Quinn64

    Same here, that's why I have my TTL set to 1min and crontab updating the IP every minute

  26. TheCoffeMaker

    Mine changes only when router is more than a minute offline and it's only v4

  27. sagaracharya

    1 person was mentioning how they have privacy because they are in an IPv4 network

  28. sagaracharya

    It is a very interesting argument! Extremely true!

  29. radovan

    Cgnat doesn't give you privacy

  30. MSavoritias (fae,ve)

    yeah that sounds misinformed

  31. sagaracharya

    ? Come on, when a bunch of devices use a single IP, one wouldn't be able to differentiate one packet from another that well!

  32. sagaracharya

    That's privacy

  33. sagaracharya

    What are your views on gopher and gemini?

  34. sagaracharya

    Do you think they're needed?

  35. sagaracharya

    Above 2 questions are directed to everyone

  36. Licaon_Kter

    Still offtopic...

  37. radovan

    sagaracharya, please join this chat if you want to continue these diatribes: xmpp:conversations-offtopic-reloaded@conference.trashserver.net?join