Saw my first IPv6 port scan recently, targeting my domestic Atlas probe. Originated from Shodan, first seen 2015-09-30T2017Z, and again ~24 hours later. At the moment, the probe is behind a stateful firewall (which dropped the traffic). Does it make any difference if it were moved to be completely exposed? (I've often wondered whether this should be the case to ensure proper function.) It is behind (filtered) NAT on the IPv4 side. Regards, Gary
On 2015-10-02 18:56, Gary Gapinski wrote:
Saw my first IPv6 port scan recently, targeting my domestic Atlas probe.
Originated from Shodan, first seen 2015-09-30T2017Z, and again ~24 hours later.
At the moment, the probe is behind a stateful firewall (which dropped the traffic). Does it make any difference if it were moved to be completely exposed? (I've often wondered whether this should be the case to ensure proper function.) It is behind (filtered) NAT on the IPv4 side.
Regards,
Gary
Hello, The RIPE Atlas probes don't offer any real services, apart from a basic TCP/IP that answers ping requests, for example. A port scan, even locally, should result in no useful results. Some people put the probe behind the firewall (*) because that seems to be a good idea, others put it in the DMZ so that the probe is not on the same LAN as other devices, some people put it outside the firewall. From the functional point of view, it's really all the same. (*) in this case the firewall should be such that it allows measurements -- i.e. outgoing TCP/IP and responses to these Hope this helps, Robert
participants (2)
-
Gary Gapinski -
Robert Kisteleki