3

Because I can get full IPv6 support now from my home office (Comcast did this right) I have started to bring up cloud servers with no IPv4 addresses -- only IPv6. I use a static address and create a DNS AAAA record for each of them.

I have noticed that these VMs seem to get absolutely no bot attack activity. The fail2ban script I have running (a must if you have an SSH server on a standard port at an IPv4 address) never sees anything in the log to take action on.

These days I get suspicious if there aren't any attacks on a publicly routable IP device. So I want to know:

  1. Am I missing something? Are bots not able to find IPv6 addresses simply because they are obscure?

  2. Would my AAAA records ever be visible to the outside world to give the attackers something to add to their lists?

  3. Will this situation change?

AlanObject
  • 3
    The IPv4 space is small enough that you can continuously scan the entire internet. IPv6 is so much larger that bots will have to _find_ your website, e.g. via web spiders. Also, lots of bots simply don't care about IPv6 since it's so rarely used. – forest Mar 13 '18 at 03:26
  • 2
    There are techniques to enumerate IPv6 by abusing infrastructure the servers connect to, e.g. NTP server pool: https://netpatterns.blogspot.co.uk/2016/01/the-rising-sophistication-of-network.html – domen Mar 13 '18 at 09:24
  • This agrees with my experience running IPv6-only hosts for the past several years. Automated attacks have been quite rare. Eventually this may change, so you really should not let your guard down. – Michael Hampton Mar 13 '18 at 18:09

0 Answers
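
One way to check the observation in the question, that the log holds nothing for fail2ban to act on, is to tally failed SSH logins by address family. This is an added example, not part of the original post or its comments; the sample log lines are constructed (documentation address ranges), and the regex assumes OpenSSH's default "Failed password" / "Invalid user" message format.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH's usual auth-log format. Addresses are
# from documentation ranges (RFC 5737 / RFC 3849), not real observations.
SAMPLE_LOG = """\
Jan 10 03:26:01 vm1 sshd[811]: Failed password for root from 203.0.113.5 port 52814 ssh2
Jan 10 03:26:04 vm1 sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 52820 ssh2
Jan 10 03:27:10 vm1 sshd[902]: Invalid user test from 198.51.100.7 port 4022
Jan 10 03:29:44 vm1 sshd[950]: Failed password for root from ::ffff:198.51.100.7 port 4100 ssh2
Jan 10 09:24:17 vm1 sshd[977]: Failed password for alan from 2001:db8:42::10 port 60122 ssh2
Jan 10 09:30:00 vm1 sshd[990]: Accepted publickey for alan from 2001:db8:42::10 port 60130 ssh2
Jan 10 09:31:00 vm1 sshd[991]: Failed password for root from not-an-address port 1 ssh2
"""

# Assumption: default OpenSSH wording for failed or invalid-user attempts.
FAILED = re.compile(
    r"sshd\[\d+\]: (?:Failed password for (?:invalid user )?\S+|Invalid user \S+)"
    r" from (\S+) port \d+"
)

def tally_failures(log_text):
    """Return (failures per address family, failures per source address)."""
    by_family, by_source = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            by_family["unparsed"] += 1  # hostname or malformed source field
            continue
        # An IPv4-mapped address (::ffff:a.b.c.d) is IPv4 traffic that a
        # dual-stack socket reported in IPv6 notation; count it as IPv4.
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
        by_family[f"IPv{addr.version}"] += 1
        by_source[str(addr)] += 1
    return by_family, by_source

if __name__ == "__main__":
    families, sources = tally_failures(SAMPLE_LOG)
    for family, count in sorted(families.items()):
        print(f"{family}: {count} failed attempts")
    for source, count in sources.most_common():
        print(f"  {source}: {count}")
```

On a real host, pass the contents of the sshd auth log instead of `SAMPLE_LOG`; a persistently empty IPv6 tally alongside a busy IPv4 one on a comparable machine matches what the comments describe.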