http://www.infoworld.com/article/3126784/security/ipv6-servers-beat-ipv4-in-security-for-now.html#tk.rss_networking
The above article reports on how long it took for unadvertised insecure servers to be "owned". Servers with IPv4 addresses were owned in less than 30 minutes. After a week, the servers with only IPv6 addresses had yet to be scanned. Is this an example of security through obscurity actually working? Or is it increasing the size of a brute force search space (like we do when we ask people to use longer passwords or encryption keys)? Obviously, there would be no benefit for publicly known servers whose IP addresses can be found with DNS via published hostnames. (Or even guessable hostnames.) If everybody switched to IPv6 only for non-public systems, how would hackers respond? Would this help with IoT (Internet of Things) security? Thoughts? Bill Bogstad _______________________________________________ bblisa mailing list [email protected] http://www.bblisa.org/mailman/listinfo/bblisa
