[6bone] DoS attacks through 6to4 anycast relay

Gert Doering gert@space.net
Thu, 10 Jul 2003 18:47:10 +0200


Hi,

On Thu, Jul 10, 2003 at 05:20:54PM +0200, Pim van Pelt wrote:
> Bottom line: I have not pursued this any further. If the community is
> interested, I can easily be persuaded to proceed with a relay
> deployment from AS12859 (nl.bit).

I think it will already be helpful if you (and everybody else) run a
6to4 relay just for yourself and your customers.

That is: run it, but don't announce the IPv4 anycast address or the 
2002:: address to any non-customers.  (You have to give it to the
customers, otherwise you'll take away the connectivity for them).

That way your customers can get quick 6to4 access (both ways, either
using 6to4 addresses internally, or talking from native v6 to 6to4
users elsewhere), and you don't have to pay for non-customer traffic.

Gert Doering
        -- NetMaster
-- 
Total number of prefixes smaller than registry allocations:  55442  (55636)

SpaceNet AG                 Mail: netmaster@Space.Net
Joseph-Dollinger-Bogen 14   Tel : +49-89-32356-0
80807 Muenchen              Fax : +49-89-32356-299
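
An added example, not part of the original message: a small audit of per-neighbor BGP exports for the policy described above, in which customers receive both relay routes and non-customers receive neither. It assumes the anycast prefix is 192.88.99.0/24 (RFC 3068; the message does not spell it out), and the neighbor names, roles and advertised-prefix lists are constructed sample data.

```python
import ipaddress

# 6to4 relay routes: anycast prefix (RFC 3068, assumed) and the 2002::/16 space.
RELAY_PREFIXES = [
    ipaddress.ip_network("192.88.99.0/24"),
    ipaddress.ip_network("2002::/16"),
]


def covers_relay(prefix):
    """Return the relay prefix that `prefix` equals or is a more-specific of, else None."""
    net = ipaddress.ip_network(prefix)
    for relay in RELAY_PREFIXES:
        # subnet_of() raises TypeError across IP versions, so compare versions first.
        if net.version == relay.version and net.subnet_of(relay):
            return relay
    return None


def audit_exports(sessions):
    """sessions: {neighbor: {"role": ..., "advertised": [prefix, ...]}} (hypothetical format).
    Returns a sorted list of (neighbor, finding) tuples."""
    findings = []
    for name, s in sessions.items():
        if s["role"] == "customer":
            # Customers need both routes exactly, or they lose 6to4 connectivity.
            have = {ipaddress.ip_network(p) for p in s["advertised"]}
            for relay in RELAY_PREFIXES:
                if relay not in have:
                    findings.append((name, f"missing {relay}"))
        else:
            # A non-customer that hears the route, or a more-specific of it,
            # can send its traffic through the relay.
            leaked = {covers_relay(p) for p in s["advertised"]} - {None}
            for relay in sorted(leaked, key=str):
                findings.append((name, f"leak {relay}"))
    return sorted(findings)


# Constructed sample data: what each BGP neighbor is currently sent.
SAMPLE = {
    "cust-a": {"role": "customer", "advertised": ["192.88.99.0/24", "2002::/16", "2001:db8::/32"]},
    "cust-b": {"role": "customer", "advertised": ["2002::/16"]},
    "peer-x": {"role": "peer", "advertised": ["2001:db8::/32", "2002:c058:6301::/48"]},
    "transit-y": {"role": "transit", "advertised": ["198.51.100.0/24"]},
}

if __name__ == "__main__":
    for neighbor, finding in audit_exports(SAMPLE):
        print(f"{neighbor}: {finding}")
```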