Sorry, I would want to say "tunnel IPv4 in IPv6" in my first
affirmation :-).
>
>
> Hi folks,
>
> I think that there are few reasons to tunnel IPv6 in IPv4
> packets. Tunneling is one of the many alternatives to
> implement transition to IPv6 networks. It is used basically
> to provide communication between IPv6 islands through IPv4
> infrastructure.
> Regards,
>
> Marcelo.
>
> > Nope, Lance's issue (the honeynet project's, actually) was IPv6
> > tunneled over IPv4. I used packet captures from the compromised
> > honeypot as my test data, so I'm pretty sure about that one. I don't
> > think there's an option to tunnel v4 over v6, at least not that I was
> > able to find in in.h.
> >
> > -Marty
> >
> >
> > On Tuesday, December 24, 2002, at 03:10 AM, Greg van der Gaast wrote:
> >
> > > "This decoder is implemented to test Snort's
> > > capability to analyze IPv6 and IPv6 tunneled over IPv4."
> > >
> > >
> > > Don't you mean IPv4 tunneled over IPv6? (as in IPv4 traffic being sent
> > > inside an IPv6 tunnel) I thought that was Lance's issue. I might be
> > > mistaken here. In any case, thanks Marty. We love you ;)
> > >
> > > Cheers, merry Christmas and happy new year.
> > >
> > > Greg van der Gaast
> > > Guy with clue @ Ordina Public West NL
> > > (Frustrating times)
> > >
> > > -----Original message-----
> > > From: Martin Roesch [mailto:roesch_at_sourcefire.com]
> > > Sent: Saturday, December 21, 2002 2:45 AM
> > > To: focus-ids_at_securityfocus.com
> > > Subject: EXPERIMENTAL IPv6 decoder available in Snort
> > >
> > > Hi everyone,
> > >      Following up Lance's message regarding the usage of IPv6
> > > tunneling on a honeynet, I'd like to announce the availability of
> > > an *experimental* version of Snort with an IPv6 decoder. This
> > > decoder is implemented to test Snort's capability to analyze IPv6
> > > and IPv6 tunneled over IPv4. Currently it consists of a decoder and
> > > printing module only, so if you want to test it and see the v6
> > > output, just run 'snort -dv'.
> > >
> > > If people would like to test the code out and see if it's working
> > > properly, it can be downloaded and tested at:
> > >
> > > http://www.snort.org/~roesch/snort-2.0.0beta-ipv6.tar.gz
> > >
> > > This code currently doesn't have any components integrated into the
> > > detection engine, so you can't tell Snort to look at IPv6 addresses
> > > or header fields using the rules language yet. It is capable of
> > > looking for standard embedded protocol headers and payloads in IPv6
> > > tunneled over IPv4.
> > >
> > > If people would like to test this code out, I'm primarily
> > > interested in seeing if the code is stable and capable of decoding
> > > all v6 traffic without any memory leaks or crashes. Unfortunately,
> > > my ability to generate v6 traffic for testing purposes is extremely
> > > limited right now, so I'm depending on people with access to the
> > > right kind of networks to help out!
> > >
> > > Once I'm happy with the decoder, I'll integrate IPv6 support into
> > > the detection engine!
> > >
> > > -Marty
> > >
> > > --
> > > Martin Roesch - Founder/CTO Sourcefire Inc. - (410) 290-1616
> > > Sourcefire: Professional Snort Sensor and Management Console appliances
> > > roesch@sourcefire.com - http://www.sourcefire.com
> > > Snort: Open Source Network IDS - http://www.snort.org
> > >
> >
> >
>
>
> ---
> UOL, the best of the Internet
> http://www.uol.com.br/
>
>
Received on Dec 27 2002
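
As an added illustration of the decoding step this thread discusses (not code from Snort or from any of the posters): IPv6 tunneled over IPv4 arrives as IPv4 protocol 41, and a decoder has to bounds-check both headers before reading the inner packet. The function names, return codes and the constructed sample packet are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROTO_IPV6_IN_IPV4 41 /* IPPROTO_IPV6 in <netinet/in.h> */

struct inner_v6 {
    uint8_t next_header, hop_limit; /* next_header: protocol inside the IPv6 packet */
    uint16_t payload_len;
    uint8_t src[16], dst[16];
};

/* 0 = decoded, -1 = not IPv6-in-IPv4, -2 = truncated, fragmented or malformed.
   Every length is checked before the bytes it covers are read. */
int decode_6in4(const uint8_t *pkt, size_t len, struct inner_v6 *out)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -2;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;        /* IPv4 header length */
    if (ihl < 20 || ihl > len) return -2;
    if (pkt[9] != PROTO_IPV6_IN_IPV4) return -1;
    if ((((pkt[6] & 0x1f) << 8) | pkt[7]) != 0) return -2; /* non-first fragment */
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];   /* IPv4 total length */
    if (total < ihl + 40 || total > len) return -2;  /* no room for IPv6 header */
    const uint8_t *v6 = pkt + ihl;
    if ((v6[0] >> 4) != 6) return -2;
    out->payload_len = (uint16_t)((v6[4] << 8) | v6[5]);
    if ((size_t)out->payload_len + 40 > total - ihl) return -2;
    out->next_header = v6[6];
    out->hop_limit = v6[7];
    memcpy(out->src, v6 + 8, 16);
    memcpy(out->dst, v6 + 24, 16);
    return 0;
}

/* Constructed sample: IPv4 192.0.2.1 -> 192.0.2.2, protocol 41, carrying IPv6
   2001:db8::1 -> 2001:db8::2, next header 58, 8 zero payload bytes.
   The IPv4 checksum is left at zero; this decoder does not verify it. */
size_t build_sample(uint8_t buf[68])
{
    memset(buf, 0, 68);
    buf[0] = 0x45; buf[3] = 68; buf[8] = 64; buf[9] = PROTO_IPV6_IN_IPV4;
    memcpy(buf + 12, "\xc0\x00\x02\x01\xc0\x00\x02\x02", 8);
    uint8_t *v6 = buf + 20;
    v6[0] = 0x60; v6[5] = 8; v6[6] = 58; v6[7] = 64;
    memcpy(v6 + 8, "\x20\x01\x0d\xb8", 4);  v6[23] = 1;
    memcpy(v6 + 24, "\x20\x01\x0d\xb8", 4); v6[39] = 2;
    return 68;
}

int main(void)
{
    uint8_t buf[68];
    struct inner_v6 h = {0};
    int rc = decode_6in4(buf, build_sample(buf), &h);
    printf("rc=%d next_header=%u payload_len=%u\n", rc, h.next_header, h.payload_len);
    return 0;
}
```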