<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

IDS: IPv6

IPv6

From: Lance Spitzner <lance_at_honeynet.org>
Date: Thu, 19 Dec 2002 10:33:08 -0600 (CST)

Recently one of the Honeynet Project's Solaris Honeynets was compromised.
What made this attack unique was IPv6 tunneling was enabled on the system,
with communications being forwarded to another country. The attack and
communications were captured using Snort, however the data could not be
decoded due to the IPv6 encapsulation.

This made me consider, this activity could be used as a means of
"covert" communications or activity. Many IDS systems, and potentially
many sniffers, have difficulty decoding IPv6 activity. Was wondering if
others had seen this activity, and the implications it may have to the IDS
community?

lance
Received on Dec 19 2002

This message: [ Message body ]
Next message: Martin, Michael W: "Partition Snort data in MySQL?"
Previous message: Dudley, Brian (ISS Chicago): "RE: A question about ISS gigabit network sensor."
Next in thread: Steven Bairstow: "Re: IPv6"
Reply: Steven Bairstow: "Re: IPv6"
Reply: Krzysztof Zaraska: "Re: IPv6"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]