handle malicous IPv6 systems abusing the /64 hostmask
I extended my DDoS solution [1] by blocking systems where malicous connections attempts where observed from up to 256 IPv6 addresses of the same /64 block within 24 hours from hosters providing /64 hostmasks. For now it is rather a quirk than a generic solution. But it works well. And it extends the solution to accept now manual block requests like ipset add tor-ddos6-5443 <IPv6 address> -exist [1] https://github.com/toralf/torutils?tab=readme-ov-file#details -- Toralf
Am 15.02.2026 um 11:07:49 Uhr schrieb Toralf Förster via tor-relays:
I extended my DDoS solution [1] by blocking systems where malicous connections attempts where observed from up to 256 IPv6 addresses of the same /64 block within 24 hours from hosters providing /64 hostmasks.
Is IPv6 abuse from various addresses within the same /64 a real issue and is that really caused by TOR exits? -- Gruß Marco Send unsolicited bulk mail to 1771150069muell@cartoonies.org
participants (2)
-
Marco Moock -
Toralf Förster