On Fri, Dec 14, 2012 at 9:07 PM, Andy Smith <andy(a)bitfolk.com> wrote:
Hi Chris,
On Thu, Dec 13, 2012 at 05:25:26PM +0000, Chris Dennis wrote:
But I've discovered that fail2ban doesn't know about IPv6 (yet),
which seems to leave a fairly big hole in the security.
Someone has forked Fail2Ban to add IPv6 support:
https://github.com/Th4nat0s/fail2ban
so hopefully it won't be too long coming.
I must admit I don't have an IPv6 SSH dictionary attack
countermeasure myself at the moment.
I noticed this problem with fail2ban when I first looked at IPv6 and
ended up writing a firewall script for ip6tables to handle SSH
attacks. It uses the '-m recent' (etc) parameters and appears to
work.
Admittedly, it's not as slick as fail2ban, but it will do until
fail2ban or something else is ready.
Cheers,
Gerald
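
The kind of ip6tables '-m recent' rate limit mentioned in the message above, as an added example; it is not Gerald's script, which is not shown in this thread. The port, thresholds, chain name and list name are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added illustration: rate-limit new SSH connections over IPv6 with the
# ip6tables "recent" match. All values below are assumptions.

PORT=22          # SSH port (assumed)
SECONDS_WIN=60   # look-back window in seconds (assumed)
HITS=4           # the 4th new connection inside the window is dropped (assumed)
CHAIN=SSH6_LIMIT # hypothetical chain name
LIST=ssh6        # hypothetical name of the recent list

# Print one ip6tables argument list per line; nothing is applied here.
ssh6_rules() {
    win=$1; hits=$2
    echo "-N $CHAIN"
    # Only NEW connections enter the chain, so established sessions are untouched.
    echo "-A INPUT -p tcp --dport $PORT -m conntrack --ctstate NEW -j $CHAIN"
    # Record the source address and time of this attempt.
    echo "-A $CHAIN -m recent --name $LIST --set"
    # Drop once the source has reached $hits attempts within $win seconds;
    # --update refreshes the timestamp, so a persistent source stays blocked.
    echo "-A $CHAIN -m recent --name $LIST --update --seconds $win --hitcount $hits -j DROP"
    # Everything under the threshold is accepted.
    echo "-A $CHAIN -j ACCEPT"
}

# Dry run by default; set APPLY=1 (as root) to load the rules.
ssh6_rules "$SECONDS_WIN" "$HITS" | while read -r rule; do
    if [ "${APPLY:-0}" = 1 ]; then
        ip6tables $rule   # unquoted on purpose so the arguments split
    else
        echo "ip6tables $rule"
    fi
done
```

By default the recent list counts each source address separately, so a client that moves between addresses inside its IPv6 prefix is tracked as several sources; the match's --mask option can group addresses by prefix.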