
How to Hide AWS EC2 Instances from Network Scanning Bots Using IPv6 - pawurb
https://pawelurbanek.com/ec2-scanner-bots-ipv6
======
parliament32
Security through obscurity is generally a bad idea. The author proposes using
IPv6 addresses because... the address is harder to guess? They don't want to
patch vulns so they're scared of being scanned?

You shouldn't be using password auth in a public-facing SSH server anyway (use
keys!) but if you are, fail2ban is good for locking out brute force attempts.
You can also use iptables to restrict access to just certain IPs/subnets.
Alternatively, run your own mesh VPN with tinc and configure sshd to only
listen on the VPN address (this is the best solution).

Non-standard SSH ports are also an option, but keep in mind using unprivileged
ports (>1024) opens other attack vectors so you probably shouldn't.
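
The three settings the comment above touches on (password auth, which address sshd listens on, and the port), checked by a small sshd_config auditor. This is an added example, not part of the comment or the linked article; the sample configs and the 10.8.0.1 VPN address are constructed assumptions, and only global settings before any Match block are examined.

```python
import ipaddress

# Constructed samples; 10.8.0.1 stands in for a private VPN address.
WEAK = "Port 2222\nPasswordAuthentication yes\n"
HARDENED = "Port 22\nListenAddress 10.8.0.1\nPasswordAuthentication no\n"

def parse_sshd_config(text):
    """Collect global keywords (before any Match block) as {keyword: [values]}."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        opts.setdefault(parts[0].lower(), []).append(value)
    return opts

def listen_host(value):
    """Drop an optional port from a ListenAddress value."""
    if value.startswith("["):               # [IPv6]:port
        return value[1:value.index("]")]
    if value.count(":") == 1:               # IPv4:port
        return value.split(":")[0]
    return value

def audit(text):
    """Return findings for the three points raised in the comment."""
    opts = parse_sshd_config(text)
    findings = []
    # sshd keeps the first value it reads; the OpenSSH default is "yes".
    if opts.get("passwordauthentication", ["yes"])[0].lower() != "no":
        findings.append("password-auth-enabled")
    # With no ListenAddress, sshd binds every local address.
    for value in opts.get("listenaddress", ["0.0.0.0"]):
        try:
            ip = ipaddress.ip_address(listen_host(value))
        except ValueError:                   # hostname: cannot judge offline
            findings.append("listen-address-unresolved:" + value)
            continue
        if ip.is_unspecified or ip.is_global:
            findings.append("listens-on-public-or-all:" + value)
    for port in opts.get("port", ["22"]):
        if int(port) >= 1024:                # ports below 1024 are privileged
            findings.append("unprivileged-port:" + port)
    return findings
```

Calling `audit(WEAK)` returns all three findings, while `audit(HARDENED)` returns an empty list.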

