Comment by 1970-01-01
7 months ago
Why is it harder to firewall them with IPv6? It seems this would be the easier of the two to firewall.
Manual banning is about the same since you just block /56 or bigger, entire providers or countries.
Automated banning is harder, you'd probably want a heuristic system and look up info on IPs.
IPv4 with NAT means you can "overban" too.
Why wouldn't something like fail2ban not work here? That's what it's built for and has been around for eons.
Fun part was that fail2ban had an RCE vulnerability. So you were more secure not running it. Now it should be fixed, but can you be sure?
You don't always firewall 80/443 in Linux :(
I think they are suggesting the range of IPs to block is too high?
Allow -> Tarpit -> Block should be done by ASN
You probably want to check how many IPs/blocks a provider announces before blocking the entire thing.
It's also not a common metric you can filter on in open firewalls since you must look up and maintain a cache of IP to ASN, which has to be evicted and updated as blocks still move around.
Maybe it’s easier to circumvent because getting a new IPv6 address is easier than with IPv4?
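Added example, not part of the thread and not from any tool named in it: a sketch of the prefix-level banning heuristic the comments discuss, where IPv6 sources are counted per /64 and escalated to a /56 ban once a client rotates across several /64s. The thresholds, function name and sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample: one entry per failed request, documentation prefixes only.
SAMPLE_SOURCES = (
    # client hopping across /64s inside a single /56
    ["2001:db8:aa:100::1", "2001:db8:aa:101::2", "2001:db8:aa:102::3",
     "2001:db8:aa:1a0::4", "2001:db8:aa:1ff::5"]
    # one /64, a fresh interface identifier on every request
    + [f"2001:db8:bb:7::{i:x}" for i in range(1, 6)]
    # single stray hit, should not be banned
    + ["2001:db8:cc:1::1"]
    # IPv4: one noisy host, one quiet host
    + ["192.0.2.10"] * 5 + ["198.51.100.7"] * 2
)

def ban_list(sources, min_hits=5, min_subnets=3):
    """Return the prefixes to ban, as strings, smallest sufficient scope first.

    IPv4 is banned per address. IPv6 is counted per /64 (one subnet can hold
    unlimited addresses) and widened to the enclosing /56 when at least
    min_subnets distinct /64s in it were seen (assumed thresholds).
    """
    hits4, hits64 = Counter(), Counter()
    for text in sources:
        ip = ipaddress.ip_address(text)
        if ip.version == 4:
            hits4[ip] += 1
        else:
            hits64[ipaddress.IPv6Network(f"{ip}/64", strict=False)] += 1

    by_site = defaultdict(dict)  # /56 -> {/64: hits}
    for net, n in hits64.items():
        by_site[net.supernet(new_prefix=56)][net] = n

    bans = [ipaddress.ip_network(ip) for ip, n in hits4.items() if n >= min_hits]
    for site, subnets in by_site.items():
        if len(subnets) >= min_subnets and sum(subnets.values()) >= min_hits:
            bans.append(site)  # rotation across /64s: ban the whole /56
        else:
            bans.extend(net for net, n in subnets.items() if n >= min_hits)
    # Mixed-version networks cannot be compared directly, so sort by version first.
    return [str(n) for n in sorted(bans, key=lambda n: (n.version, n))]

if __name__ == "__main__":
    print("\n".join(ban_list(SAMPLE_SOURCES)))
```

Widening from /64 to /56 is where the "overban" trade-off raised above shows up, so the two thresholds are the values to tune against real traffic.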