IDS: Re: IPv6

Re: IPv6

From: Steven Bairstow <sab139_at_psu.edu>
Date: Fri, 20 Dec 2002 13:14:28 -0500

Do you mean that IPv6 tunneling was turned on as part of the compromise? Or that it was used to perform the attack?

>Recently one of the Honeynet Project's Solaris Honeynets was compromised.
>What made this attack unique was IPv6 tunneling was enabled on the system,
>with communications being forwarded to another country. The attack and
>communications were captured using Snort, however the data could not be
>decoded due to the IPv6 encapsulation.
>
>This made me consider, this activity could be used as a means of
>"covert" communications or activity. Many IDS systems, and potentially
>many sniffers, have difficulty decoding IPv6 activity. Was wondering if
>others had seen this activity, and the implications it may have to the IDS
>community?
>
>lance

-- 
Steven Bairstow                  http://www.personal.psu.edu/~sab139
Computer and Network Services - Sutherland Building
Penn State University - Abington College
"The machine is a marvelous simplifier... and may be the modern
emancipator of the creative mind." -- Frank Lloyd Wright
Received on Dec 20 2002