On 03/12/2020 17:14, Tim via users wrote:
On Thu, 2020-12-03 at 12:53 +0800, Ed Greshko wrote:
I suppose if one is paranoid about posting their ip addresses they may be concerned.
I tend to avoid that, because it just invites some people to have a go. However, in most posts to a mailing list your IP is in the mail headers.
I remember my early forays into the net. Almost any time you did a public post, you'd see a slew of connected attempts reported by the firewall, very shortly after. Bots watch public arenas, and just automatically tried to penetrate any addresses they thought were currently on-line.
And that is pretty much the point. I can't think of anyone that would go through the trouble of unpacking pcap output to find IP addresses they could attack. They either farm IP addresses from emails, dns queries, or just plain find blocks of IP addresses to attack.
To this observation, add the fact that I have a few systems which are "open" for the express purpose of cataloging where ssh attacks are sourced. The systems I have are both IPv4 and IPv6. All attacks have been against IPv4. In over a year of these systems supporting IPv6 there have been Zero attacks on those addresses.
--- The key to getting good answers is to ask good questions.