This isn't overtly related to voice, but thought I would pose it here
anyway in the context of SIP exploits:
Lots of dedicated servers and cloud servers from major providers are now
spun up with IPv6 enabled by default, but I have yet to see an instance
where firewall rules for IPv6 were enabled by default.
So, while it is typical for major Linux distributions (e.g. CentOS) to
ship with a conservative-ish 'iptables' ruleset applied by default, I
normally see:
--
root@server:~# ip6tables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
--
And yes, the canonical default services listen on the 6-net, too:
--
root@server:~# ss -6tln | awk '{print $4}'
Local
::1:53
:::22
::1:953
--
With something like ~10% (?) of Internet traffic passing over IPv6 now
(right?), my expectation would be that script kiddie tools, dictionary
scanners, and the likes of SIPvicious would have evolved to exploit the
fact that IPv6 is often enabled but, in my experience, seldom firewalled.
Does this accord with your experience? Anecdotes welcome.
-- Alex
--
Alex Balashov | Principal | Evariste Systems LLC
1447 Peachtree Street NE, Suite 700
Atlanta, GA 30309
United States
Tel: +1-800-250-5920 (toll-free) / +1-678-954-0671 (direct)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
_______________________________________________
VoiceOps mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/voiceops
