[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [hobbit] IPv6
- To: hobbit (at) hswn.dk
- Subject: Re: [hobbit] IPv6
- From: "David A. Bandel" <david.bandel (at) gmail.com>
- Date: Fri, 28 Nov 2008 15:25:38 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=ORbQ0j2e9tAHfKx8VXdzST1dKDaInPo7HsxP1Vw6rFI=; b=A2ql8Aa+M0s+wgqsSkiXtvCO3bi/4/s8sHvSoxrPHCY2a4LypqhXxcoHgauF1oR/dt gCauJdLtbv3XtkzCH+eIhHEcPpgzvcRjXn3HiTnkb0MCjKTj812GII2OiHQrqUsjZ1Ka UPkHWwGKgFp77sw0ROBcqnsNwjJG1jitp6ML4=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=VYEE/ERIrmxT8SM2MCRs891zvZPTnSbsDddTjwjL9bKHlKW7got5bdk7K2Usr1tRMd 5NwmaOPWtcq49ChMOJNL4+nzN7aKLzzp6l7Jqj1Ns8y6AL9XxL8s1sIVfIijql00GXTr vaiVxjGW9LypXEnuZmrjj2nH0bKBkgms26YYA=
- References: <ea6cc0c70811281053n3c27f49fpf78fd2b800a52bf5 (at) mail.gmail.com> <961092e10811281117s73b122ccrc26b1286badb0db9 (at) mail.gmail.com> <ea6cc0c70811281137r26a81747u4bde7144215a339a (at) mail.gmail.com> <961092e10811281155q3b43ef11rb471b8cea81590d0 (at) mail.gmail.com>
On Fri, Nov 28, 2008 at 2:55 PM, Josh Luthman
<josh (at) imaginenetworksllc.com> wrote:
> I'm top-posting because it's Gmail's default.
>
> Reading through logs on a day to day basis just isn't feasible - these
Who has time?
> things have to be automated. My point is just because you don't have SSH
> login attempts doesn't mean you can waive something like DenyHosts.
As I said. I have all this. I was just surprised the first automated
report that came in after turning off ipv4 bindings that there were no
entries listed, and that my log file for the day was much smaller.
Not sure why you'd take my comment that the attacks were mitigated to
somehow suggest I dropped all security measures. Heck, I spent a
whole day trying to figure out what was going on and why no entries
(couldn't believe there just were no attacks).
The note about fewer (in this case cessation) of attacks I just found
very interesting (I still think it's interesting). Now I'm watching
for when they actually start (and from where -- I expect China as
that's where IPv6 is being heavily deployed and is the origin of many
ipv4 attacks).
You have me confused with Microsoft -- ensuring all my security
measures still work correctly in IPv6 was my first priority.
ip6tables is a good start, btw.
I just need to start monitoring IPv6 -- for those services binding
both protocols as well as those few that are only bound to IPv6. I
need to know if my mail server, web server, etc., is only responding
to one or the other or both now that I have two protocols running
(vice one).
Ciao,
David A. Bandel
--
Focus on the dream, not the competition.
- Nemesis Air Racing Team motto