Comment by josteink

> How about we actually finally roll out IPv6 and bury CGNAT in the graveyard where it belongs?

That depends on the service you are DDosing actually having an IPv6 presence. And lots of sites really don't.

It doesn't help if you have IPv6 if you need to fallback to IPv4 anyway. And if bot-net authors knows they can hide behind CGNAT, why would they IPv6 enable their bot-load when all sites and services are guaranteed to be reachable bia IPv4 for the next 3 decades?

(Disclaimer: This comment posted on IPv6)