[hobbit] IPv6

David A. Bandel david.bandel at gmail.com
Fri Nov 28 21:25:38 CET 2008


On Fri, Nov 28, 2008 at 2:55 PM, Josh Luthman
<josh at imaginenetworksllc.com> wrote:
> I'm top-posting because it's Gmail's default.
>
> Reading through logs on a day to day basis just isn't feasible - these

Who has time?

> things have to be automated.  My point is just because you don't have SSH
> login attempts doesn't mean you can waive something like DenyHosts.

As I said.  I have all this.  I was just surprised the first automated
report that came in after turning off ipv4 bindings that there were no
entries listed, and that my log file for the day was much smaller.
Not sure why you'd take my comment that the attacks were mitigated to
somehow suggest I dropped all security measures.  Heck, I spent a
whole day trying to figure out what was going on and why no entries
(couldn't believe there just were no attacks).

The note about fewer (in this case cessation) of attacks I just found
very interesting (I still think it's interesting).  Now I'm watching
for when they actually start (and from where -- I expect China as
that's where IPv6 is being heavily deployed and is the origin of many
ipv4 attacks).

You have me confused with Microsoft -- ensuring all my security
measures still work correctly in IPv6 was my first priority.
ip6tables is a good start, btw.

I just need to start monitoring IPv6 -- for those services binding
both protocols as well as those few that are only bound to IPv6.  I
need to know if my mail server, web server, etc., is only responding
to one or the other or both now that I have two protocols running
(vice one).

Ciao,

David A. Bandel
-- 
Focus on the dream, not the competition.
            - Nemesis Air Racing Team motto



More information about the Xymon mailing list