


IDS: Re: IPv6

Re: IPv6

From: roy lo <roylo_at_sr2c.com>
Date: Fri, 20 Dec 2002 23:53:34 -0500

I think it was used to perform the attack. I heard of this type of
attack from a friend of mine a while ago.

Steven Bairstow wrote:

>Do you mean that IPv6 tunneling was turned on as part of the compromise? Or that it was used to perform the attack?
>
>
>
>>Recently one of the Honeynet Project's Solaris Honeynets was compromised.
>>What made this attack unique was IPv6 tunneling was enabled on the system,
>>with communications being forwarded to another country. The attack and
>>communications were captured using Snort, however the data could not be
>>decoded due to the IPv6 encapsulation.
>>
>>This made me consider that this activity could be used as a means of
>>"covert" communications or activity. Many IDS systems, and potentially
>>many sniffers, have difficulty decoding IPv6 activity. I was wondering if
>>others had seen this activity, and the implications it may have for the IDS
>>community?
>>
>>lance
>>
>>
>
>
>
>

-- 
Roy Lo  
Freelance Consultant 
E-mail -  roylo_at_sr2c.com
Sun Certified Network Administrator (SCNA)
Sun Certified System Administrator (SCSA)
Cisco Certified Network Associate (CCNA) 
Received on Dec 23 2002