Comment by jeroenhd

3 years ago

Those responses baffle me. I don't think most of those have ever been on the receiving end of anti-abuse features targeting shared IP addresses. I wonder if they're the same people who consider IPv4 a scarce resource that needs to be shared carefully.

Try ten Google dorks for finding open Apache directory listings; your IP address gets reCAPTCHA prompts for every single search query for minutes. Share that IP address with thousands of people, and suddenly thousands of people get random Google/Cloudflare prompts.

6 comments

jeroenhd

Reply
bragr  3 years ago

Yeah, ever try to use Google through Tor? If you're lucky, it will let you do a captcha and get your result, but mostly it just says the IP is temporarily blocked for abuse.

mrkurt  3 years ago

IPv6 addresses are effectively the same as shared IPv4 addresses in anti-abuse systems. All anti abuse systems treat a /48 or /56 level the same as a single IPv4 address. It's the only way to actually detect one system doing abuse.

  • throw0101b  3 years ago

    > All anti abuse systems treat a /48 or /56 level the same as a single IPv4 address.

    With the difference being that you get your own /48 or /56 and suffer from only your own behaviour.

    If you're behind CG-NAT because your ISP can't get enough IPv4 addresses, then you suffer from the behaviour of other people.

    • mrkurt  3 years ago

      I don't know of a single ISP that gives /48s out to customers. Maybe a /56, but I think even that is rare.

      IPv6 is way better than cgnat, but ISPs are still doing their own internal routing for much smaller blocks. Meaning the block itself is functionally the equivalent of a shared IPv4 for abuse prevention purposes.

      But also, I could just not know about the ISPs giving out /48s. My window to this is from the abuse prevention side.

      2 replies →