Replying to Avatar Papa Figos

IPv6 is widespread enough these days, just listen on TCP6, portscans are not feasible over such a large address space.

Script kiddies hate this one trick!
Avatar
Skhron - VPS for Bitcoin, Lightning and Monero 10mo ago

This will work unless IPv6 address is used to host any website with TLS - Censys and Onyphe AFAIK already use this heuristics to scan IPv6 addresses already

Reply to this note

Please Login to reply.

Discussion

Avatar
Papa Figos 10mo ago

You don't need to bind sshd to the same IP as a webserver or anything else. There are gazillions of IP6's, scanning them all isn't feasible.

On most servers you get a /64, which is 18,446,744,073,709,551,616 IP6s. That's 18 quintillion.

Avatar
Skhron - VPS for Bitcoin, Lightning and Monero 10mo ago

This is true, intention of my post was to raise awareness of others

Avatar
Papa Figos 10mo ago

Yup, and what you said is good info too. Just figured I'd add the IPv6 angle.

Avatar
Skhron - VPS for Bitcoin, Lightning and Monero 10mo ago

Btw we offer routed /56 IPv6 prefixes if asked for free if default /64 allocation is not enough