Security company Sucuri CTO Daniel Cid recently conducted a small experiment: How long would it take for attackers brute-forcing SSH accounts to compromise IPv4 and IPv6 servers? While the IPv4 servers fell within minutes — no surprise there — not a single IPv6 server got hit.
As part of the experiment, Cid configured five IPv4 servers and five IPv6 servers with open SSH ports across two cloud hosting providers, Digital Ocean and Linode. Attackers typically run through a list of common passwords to find the user account using that string, so all the test servers had “password” as the root password.
To read this article in full or to leave a comment, please click here