Return of banned users - how reliable is a v6 IP-address as a criteria?

S

smallwheels

Well-known member
I do not have many bans in my forum, just the usual troll a couple of times a year. Today, a new user registered and the spam protection went alert, telling me that the IP of this user would be identical to a troll I banned last year. It is an IP v6 address for the matter. Typically we have private users with dynamic IP adressess (v4) but there are some that log in from their workplace regularly. With dynamic v4 they are randomly reassigned with customers of the provider in thegeogrphic area - so it would not be a good or safe criteria for excluding new users.
But how does this work with IP v6 addresses? Are they randomly reassigned as well?
 
Interesting question. We only allow IP v4 traffic at the moment on our server.

So, is an IP v6 address more unique? Are logged IP v6 addresses better to identify duplicate accounts? 🤔
 
MentaL said:
any ip assignment can be dynamic.
Click to expand...
Sure. The question is if that is the case. My professional networking days ended way before v6 came to practice. What I remember from the discussions before v6 became common was, that the need for dynamic assignment (that arose from the limited amount of v4 addresses) is no issue with v6 conceptionally - in theory each device could have a unique address of it's own as the address space is way way bigger than v4. But static addresses are a business model for providers, so, even if the outlined theory would be true, it could be the case that they still assign them dynamically to be able to upsell to static. I've no idea how the practice is, hence the question.

nocte said:
So, is an IP v6 address more unique? Are logged IP v6 addresses better to identify duplicate accounts? 🤔
Click to expand...
That's my question. It could potentially be, but I don't know if it really is.

I've checked the IP in question with the tool built into XF (or Moderator Panel for that matter) and to me it was unclear if it is fixed or dynamically assigned based on the output of the website where you can check the IPs. That's why I'm asking. ;-)
 
nocte said:
Interesting question. We only allow IP v4 traffic at the moment on our server.

So, is an IP v6 address more unique? Are logged IP v6 addresses better to identify duplicate accounts? 🤔
Click to expand...

IPV6 has a broader range, a lot.
aws.amazon.com

IPv4 vs IPv6 - Difference Between Internet Protocol Versions - AWS

What's the difference between IPv4 vs IPv6s? How to use IPv4 and IPv6 with AWS.
aws.amazon.com aws.amazon.com

The full address space of IPv4 is 2³², or 4,294,967,296 IP addresses. IPv6 has a significantly higher address space of 2¹²⁸, or 3.403×10³⁸, or 340,282,366,920,938,000,000,000,000,000,000,000,000 unique IP addresses. That number, in English, translates to around 340 undecillion, 300 decillion.
 
  • Haha
Reactions: FoP
smallwheels said:
I do not have many bans in my forum, just the usual troll a couple of times a year. Today, a new user registered and the spam protection went alert, telling me that the IP of this user would be identical to a troll I banned last year. It is an IP v6 address for the matter. Typically we have private users with dynamic IP adressess (v4) but there are some that log in from their workplace regularly. With dynamic v4 they are randomly reassigned with customers of the provider in thegeogrphic area - so it would not be a good or safe criteria for excluding new users.
But how does this work with IP v6 addresses? Are they randomly reassigned as well?
Click to expand...
When you look it up, whatismyipaddress will tell you if it's static or dynamic.
 
You need to get @Xon's sign up and abuse addon along with his standard library. It will help prevent those internet pests from returning
 
Kirby said:
Yes, sort of usually to protect end user privacy.
Click to expand...
Interesting! Still: Given the large address space of v6 plus that my forum is pretty small (at 1.500 members) and the IP clearly is from the same city as the former troll - what is the probability that two different people within a couple of months end up with the same random factor for their IPv6 address (with the random factor coming from the hardware of the user, based on it's unique Mac address) within the same geographical area in the same small forum and use the same internet provider? Possibly not too likely.

With a huge forum with tons of users it may be different, with my small one I am not so sure.
 
smallwheels said:
Interesting! Still: Given the large address space of v6 plus that my forum is pretty small (at 1.500 members) and the IP clearly is from the same city as the former troll - what is the probability that two different people within a couple of months end up with the same random factor for their IPv6 address (with the random factor coming from the hardware of the user, based on it's unique Mac address) within the same geographical area in the same small forum and use the same internet provider? Possibly not too likely.

With a huge forum with tons of users it may be different, with my small one I am not so sure.
Click to expand...
Some providers do recycle IP addresses but if it smells like a fish, looks like a fish, is it really a horse?
 
I usually let them in if it has been some time since the banning and if it is the same troll it will soon show. The risk of blocking another user for me is to great. And sometimes people actually change :)
I have banned a few that returns with the same ip (v4) after one or a couple of days.
 
Update: I am quite sure that it is a user with multiple accounts as it turned out. I had the troll account locked, but not deleted. He tried to log in yesterday (and failed) and someone with the same IP created another account a couple of hours later. Coincidently the same IP within the same timeframe was used by another, regular user of the forum who has not the most positive track record, to say it politely. So probability is high that this user had a second account and, being locked out with this, tried to create a third one to start trolling again.
I now decided to let him in and see what will happen. Always better to know that something is going on and to watch out for it then to follow the illusion to have successfully defeated the issue...

To answer my question from the start posting: The regular user in question is typically visiting with an v6 ip and it is changing completely within 24h as I saw when digging down the matter. So v6 are indeed dynamically assigned.

The only reason the issue came to my attention was because the user was stupid enough first trying to log in with a blocked account and then within hours tried to register a fresh one, using the same ip. Otherwise the alarm system would not have gone off. I was a bit surprised to find out there was the third user account involved that is possibly the evil brain behind this. Let the games begin...
 
You must log in or register to reply here.

Similar threads

Adam Howard
Duplicate Unable to ban IP v6 IP Address
Replies
8
Views
2K
Adam Howard
Adam Howard
Back
Top Bottom