>In practice, the /64 prefix of the IPv6 address has very much the same >"administrative" properties as the /32 value of the IPv4 address. You would hope so, but I know hosting places that give their customers a /128 in a shared /64. They claim that their routers make this hard to fix. I don't know the details. Like I said, whitelisting known good single IPs can probably work, but it is a major unsolved question how to figure out the size of the relevant bad range if you see an IP doing bad stuff. R's, John PS: Just to save time, any answer starting "all you need to do is ..." doesn't work. We've been around this barn enough times that there is severe soil erosion.