


IDS: Re: IPv6

Re: IPv6

From: Krzysztof Zaraska <kzaraska_at_student.uci.agh.edu.pl>
Date: Sat, 21 Dec 2002 13:56:37 +0100

Hello,

On Thu, 19 Dec 2002 10:33:08 -0600 (CST)
Lance Spitzner <lance_at_honeynet.org> wrote:

> The attack and
> communications were captured using Snort, however the data could not be
> decoded due to the IPv6 encapsulation.

For the record, I once came across a package that looks like Snort with
IPv6 support; however, I have never evaluated it:
http://www.tahi.org/~tanaka/snort/snort+ipv6-20011201.tgz

What's not entirely clear to me is why you weren't able to decode IPv6
traffic. Was it caused by the fact that:

- your software did not capture the IPv6 traffic, or captured it
incorrectly

- you have the (encapsulated) IPv6 traffic captured, but there is no, or
you don't have, a protocol analyzer capable of decoding it

- the IPv6 communication was protected with IPSEC

Regards,
Krzysztof

-- 
// Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl
// Prelude IDS: http://www.prelude-ids.org/
// A dream will always triumph over reality, once it is given the chance.
//		-- Stanislaw Lem
Received on Dec 23 2002
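
An added example, not part of the original message: a triage function that sorts a captured packet into the three cases listed in the question above (capture problem, decodable but undecoded, IPsec-protected). It assumes the encapsulation is IPv6-in-IPv4 (protocol 41), which the thread does not specify, and unfragmented outer packets; the function names and sample packets are constructed for illustration.

```python
import struct

PROTO_6IN4 = 41                  # IPv4 protocol number for encapsulated IPv6 (assumed)
NH_FRAG, NH_ESP, NH_AH = 44, 50, 51
NH_OPTS = {0, 43, 60}            # hop-by-hop, routing, destination options

def triage(pkt: bytes) -> str:
    """Classify one raw IPv4 packet (bytes starting at the IPv4 header)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if pkt[9] != PROTO_6IN4:
        return "no-ipv6-encapsulation"
    if ihl < 20 or total_len < ihl:
        return "malformed-outer"
    if len(pkt) < total_len:
        return "truncated"       # capture is shorter than the packet on the wire
    inner = pkt[ihl:total_len]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return "malformed-inner"
    nh, off, saw_ah = inner[6], 40, False
    while nh in NH_OPTS or nh in (NH_FRAG, NH_AH):   # walk the extension chain
        if off + 8 > len(inner):
            return "malformed-inner"
        if nh == NH_FRAG:
            size = 8                                  # fixed-size fragment header
        elif nh == NH_AH:
            size, saw_ah = (inner[off + 1] + 2) * 4, True   # AH length is in 4-octet units
        else:
            size = (inner[off + 1] + 1) * 8           # options length is in 8-octet units
        nh, off = inner[off], off + size
    if nh == NH_ESP:
        return "ipsec-esp"       # payload encrypted; a decoder alone will not help
    return "ipsec-ah-cleartext" if saw_ah else "decodable"

# Constructed sample packets (documentation addresses, zero checksums).
def ipv4(proto: int, payload: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + payload

def ipv6(next_header: int, payload: bytes) -> bytes:
    addr = bytes.fromhex("20010db8" + "00" * 11 + "01")
    return struct.pack("!IHBB", 0x60000000, len(payload), next_header, 64) + addr + addr + payload

if __name__ == "__main__":
    tcp = ipv4(PROTO_6IN4, ipv6(6, bytes(20)))
    for name, pkt in [("tcp", tcp), ("short snaplen", tcp[:68]),
                      ("esp", ipv4(PROTO_6IN4, ipv6(NH_ESP, bytes(16))))]:
        print(name, "->", triage(pkt))
```

A capture with no protocol 41 packets at all, or only "truncated" results, points at the capture setup; "decodable" means the data is present and only an IPv6-aware analyzer is missing.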