nanog mailing list archives
Re: Scanning activity from 2620:96:a000::/48
From: "Dobbins, Roland" <Roland.Dobbins () netscout com>
Date: Tue, 6 Jul 2021 10:21:34 +0000
On 6 Jul 2021, at 16:53, Tore Anderson <tore () fud no> wrote: I was just curious to hear if anyone else is seeing the same thing, and also whether or not people feel that this is an okay thing for this «Internet Measurement Research (SIXMA)» to do (assuming they are white-hats)?
Scanning is part of the ‘background radiation’ of the Internet, and it’s performed by various parties with varying motivations. Of necessity, IPv6 scanning is likely to be more targeted (were your able to discern any rhyme or reason behind the observed scanning patterns?). iACLs, tACLs, CoPP, selective QoS for various ICMPv6 types/codes, et. al. should be configured in such a manner that 600pps of anything can’t cause an adverse impact to any network functions. Because actual bad actors are unlikely to voluntarily stop, even when requested to do so. -------------------------------------------- Roland Dobbins <roland.dobbins () netscout com>
Current thread:
- Scanning activity from 2620:96:a000::/48 Tore Anderson (Jul 06)
- Re: Scanning activity from 2620:96:a000::/48 Mark Tinka (Jul 06)
- Re: Scanning activity from 2620:96:a000::/48 Dobbins, Roland (Jul 06)
- Re: Scanning activity from 2620:96:a000::/48 Tore Anderson (Jul 06)
- Re: Scanning activity from 2620:96:a000::/48 Tom Beecher (Jul 06)
- Re: Scanning activity from 2620:96:a000::/48 Mel Beckman (Jul 06)
- Re: Scanning activity from 2620:96:a000::/48 Tore Anderson (Jul 06)
- Re: Scanning activity from 2620:96:a000::/48 Nick Suan (Jul 15)