> Jaydeep Zala <[email protected]> wrote on 22.05.2018 at 5:48:
>
> I'm trying to block IPv6 addresses using v0.11.0. I need to whitelist
> my IPv6, and if someone tries to DoS attack my server with IPv6, I have to
> block that IPv6.
>
> Has anyone done this scenario before? Please guide me, I'm new to blocking IPv6 with
> fail2ban.

You need to consider this carefully. There are so many IPv6 addresses out there. If you try to block them one by one you are going to DoS yourself by consuming all memory. There is no device built yet that can map the IPv6 address space even if you allocated just one bit to each address - and IPTables isn’t that efficient.

The attackers of course are aware of this. Typically every home user is allocated a /64 subnet and any attack code will generate a new random address for each connection attempt. Just one infected home computer can crash your server in a very short time. No need for botnets any more.

The obvious solution is to aggregate address blocks. The problem still persists, however. If you always block the whole /64 you still have 2^64 blocks to keep track of. If you start to block /48 or larger blocks you are causing widespread collateral damage. You could block whole countries or continents, even your own. Just because of one attacker. That will be hard to justify.

IPv6 is a completely different animal. We will need new tools to cope with it. Log analysis is still valuable, but how to protect from attacks still needs research. I’m sorry I don’t have any answers, yet.

br,
Petri
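
As an added example (not part of the original message and not fail2ban's own code), the per-/64 aggregation the reply describes can be sketched with a whitelist check and a hard cap on tracked prefixes, so memory stays bounded at the cost of forgetting the oldest entries. The class name, threshold, cap and the 2001:db8:: sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import OrderedDict

# Constructed whitelist entry (documentation range 2001:db8::/32), an assumption.
WHITELIST = [ipaddress.ip_network("2001:db8:aaaa:1::/64")]

class PrefixTracker:
    """Counts failures per aggregated prefix with hard caps on both tables."""

    def __init__(self, prefix_len=64, threshold=3, max_tracked=10000):
        self.prefix_len = prefix_len    # /64: the typical home allocation
        self.threshold = threshold      # failures before the prefix is banned
        self.max_tracked = max_tracked  # cap so the tables cannot exhaust memory
        self.counts = OrderedDict()     # prefix -> failures, least recent first
        self.banned = OrderedDict()     # banned prefixes, oldest first

    def record_failure(self, addr):
        """Return the prefix to ban when the threshold is crossed, else None."""
        ip = ipaddress.IPv6Address(addr)
        if any(ip in net for net in WHITELIST):
            return None                 # never count or ban whitelisted hosts
        prefix = ipaddress.ip_network(f"{ip}/{self.prefix_len}", strict=False)
        if prefix in self.banned:
            return None                 # already banned, nothing new to do
        self.counts[prefix] = self.counts.pop(prefix, 0) + 1  # move to newest
        if self.counts[prefix] >= self.threshold:
            del self.counts[prefix]
            self.banned[prefix] = True
            if len(self.banned) > self.max_tracked:
                self.banned.popitem(last=False)  # oldest ban is dropped
            return prefix
        if len(self.counts) > self.max_tracked:
            self.counts.popitem(last=False)      # forget least recent prefix
        return None

if __name__ == "__main__":
    tracker = PrefixTracker()
    # Constructed sample: one host rotating addresses inside a single /64,
    # followed by a whitelisted address.
    for a in ["2001:db8:1:2:a1b2:c3d4:e5f6:1", "2001:db8:1:2:ffff::2",
              "2001:db8:1:2::3", "2001:db8:aaaa:1::5"]:
        print(a, "->", tracker.record_failure(a))
```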
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
