0

With IPv4 it is pretty easy to blacklist IPs since it's not cheap to get new IPs and they are limited. However, with IPv6 it's pretty easy/free to generate a huge amount of unique IPs and it's pretty hard to blacklist some user based on his/her IPv6.

After researching about this, I discovered that there is some part in the IPv6 that is not very easy to the user to change (/64) and there is some part in the IPv6 that IS easy to change (/64) = 64 + 64 = 128 bits.

So I assume, half of the address can be changed easily and half cannot, right? So take this IPv6 example:

  2001:0db8:85a3:0000:0000:8a2e:0370:7334

If I want to block this user, should I block all the IPs starting with "2001:0db8:85a3:0000" or the ones ending with "0000:8a2e:0370:7334"? Which part is the hard to change and which one is the easy?

In case I am talking some nonsense here, please correct me! I am completely new to this IP stuff :)

Dani
  • 13
  • 2
  • just block 2001:0db8:85a3::/64 – djdomi Aug 15 '21 at 18:59
  • Does this answer your question? [How does IPv6 subnetting work and how does it differ from IPv4 subnetting?](https://serverfault.com/questions/426183/how-does-ipv6-subnetting-work-and-how-does-it-differ-from-ipv4-subnetting) – djdomi Aug 15 '21 at 19:00
  • @djdomi I need to work with substrings in the blacklist. So you say I should block "2001:0db8:85a3:0000"? Blocking all the IPs the match the first 64 bits? If you post a simple answer I will be glad to accept it. I read the link you provided, is very clear but there is no place where it says what part explicitly of the IPv6 the user can freely change. – Dani Aug 15 '21 at 22:09

0 Answers0