gpg: Signature made Fri Dec 14 21:07:45 2012 UTC
gpg: using DSA key 2099B64CBF15490B
gpg: Good signature from "Andy Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andrew James Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andy Smith (UKUUG) <andy.smith@ukuug.org>" [unknown]
gpg: aka "Andy Smith (BitFolk Ltd.) <andy@bitfolk.com>" [unknown]
gpg: aka "Andy Smith (Linux User Groups UK) <andy@lug.org.uk>" [unknown]
gpg: aka "Andy Smith (Cernio Technology Cooperative) <andy.smith@cernio.com>" [unknown]
Hi Chris,
On Thu, Dec 13, 2012 at 05:25:26PM +0000, Chris Dennis wrote:
> But I've discovered that fail2ban doesn't know about IPv6 (yet),
> which seems to leave a fairly big hole in the security.
Someone has forked Fail2Ban to add IPv6 support:
https://github.com/Th4nat0s/fail2ban
so hopefully it won't be too long coming.
I must admit I don't have an IPv6 SSH dictionary attack
countermeasure myself at the moment. However, across 40 of my
IPv6-enabled hosts there have been a total of only four failed
attempts to log in from an IPv6 host. Some of those logs go back
three years...
> Is there an IPv6-aware alternative? A quick search reveals autofwd
> (http://freecode.com/projects/autofwd), but I'd like to hear some
> opinions about it before I try it.
Not tried that one. It looks pretty good though not present in
Debian archive (I see there are some Debian packages provided
though)
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
