On Fri, Nov 28, 2008 at 2:55 PM, Josh Luthman <josh at imaginenetworksllc.com> wrote:
I'm top-posting because it's Gmail's default.
Reading through logs on a day to day basis just isn't feasible - these
Who has time?
things have to be automated. My point is just because you don't have SSH login attempts doesn't mean you can waive something like DenyHosts.
As I said. I have all this. I was just surprised the first automated report that came in after turning off ipv4 bindings that there were no entries listed, and that my log file for the day was much smaller. Not sure why you'd take my comment that the attacks were mitigated to somehow suggest I dropped all security measures. Heck, I spent a whole day trying to figure out what was going on and why no entries (couldn't believe there just were no attacks).
The note about fewer (in this case cessation) of attacks I just found very interesting (I still think it's interesting). Now I'm watching for when they actually start (and from where -- I expect China as that's where IPv6 is being heavily deployed and is the origin of many ipv4 attacks).
You have me confused with Microsoft -- ensuring all my security measures still work correctly in IPv6 was my first priority. ip6tables is a good start, btw.
I just need to start monitoring IPv6 -- for those services binding both protocols as well as those few that are only bound to IPv6. I need to know if my mail server, web server, etc., is only responding to one or the other or both now that I have two protocols running (vice one).
Ciao,
David A. Bandel
Focus on the dream, not the competition. - Nemesis Air Racing Team motto