RE: IPv6 support in IDS/IPS products

From: Palmer, Paul (ISSAtlanta) (PPalmer_at_iss.net)
Date: 11/10/05

    Date: Wed, 9 Nov 2005 19:06:27 -0500
    To: "Scott Sloan" <swsloan.ml@gmail.com>, "David Williams" <dwilliamsd@gmail.com>, "Planz" <planz2009@gmail.com>
    
    

    It is enabled by default in the ISS products. There is no performance
    hit.

    -----Original Message-----
    From: Scott Sloan [mailto:swsloan.ml@gmail.com]
    Sent: Monday, November 07, 2005 4:49 PM
    To: 'David Williams'; 'Planz'
    Cc: 'Mike Barkett'; focus-ids@securityfocus.com
    Subject: RE: IPv6 support in IDS/IPS products

    What is the performance hit when turning on this feature within NFR and
    ISS?

    -Scott

    -----Original Message-----
    From: David Williams [mailto:dwilliamsd@gmail.com]
    Sent: Monday, November 07, 2005 9:51 AM
    To: Planz
    Cc: Mike Barkett; focus-ids@securityfocus.com
    Subject: Re: IPv6 support in IDS/IPS products

    I'm a little surprised. I have only heard back from two vendors that
    claim to do full IPv6: NFR & ISS. I doubt this is an accurate
    representation, so I'll try one more time. Has anybody heard anything
    about the other products out there?

    thanks,

    D

    On 11/3/05, Planz <planz2009@gmail.com> wrote:
    > As per the below whitepaper, ISS is supporting IPv6 and
    > corresponding tunneling to IPv4 and vice versa, but I have seen no
    > claims by other vendors as well.
    >
    > http://documents.iss.net/whitepapers/IPv6.pdf
    >
    > Besides that, I read an interesting slide on IPv6 Security in the
    > following link:
    >
    > http://www.wareonearth.com/whitepapers/IPv6SecurityIssues.pps
    >
    >
    >
    > Mike Barkett wrote:
    >
    > >David -
    > >
    > >I will pipe up for NFR. Our Sentivist Smart sensors are natively
    > >capable of "all of the above" at the sensor engine level. Tunneling,
    > >full analysis, everything. And we've been doing it for a couple of
    > >years now.
    > >
    > >I cannot provide a list of vendors who do this, but I will say that I
    > >was told 7 months ago by an IPv6 expert that we were the only IPS
    > >vendor he was aware of who did it "properly". I don't know if that's
    > >actually/still true, so I'd be very interested in seeing who else
    > >chimes in on this thread.
    > >
    > >Not surprisingly, we find this feature to be very popular in the U.S.
    > >government and overseas, particularly in Asia. What we try to
    > >explain to the rest of the world is that even if they don't think
    > >they are running IPv6, parts of their network may still be at risk of
    > >a tunneled IPv6 attack.
    > >
    > >-MAB
    > >
    > >--
    > >(nfr)(security)
    > >Michael A Barkett, CISSP
    > >Vice President, Systems Engineering
    > >(www.nfr.com) +1.240.632.9000 Fax: +1.240.747.3512
    > >
    > >
    > >
    > >>-----Original Message-----
    > >>From: David Williams [mailto:dwilliamsd@gmail.com]
    > >>Sent: Sunday, October 30, 2005 9:53 AM
    > >>To: focus-ids@securityfocus.com
    > >>Subject: IPv6 support in IDS/IPS products
    > >>
    > >>Hi list,
    > >>
    > >>I've read that some IDS/IPS vendors can monitor IPv6, but not
    > >>completely. For example, they might be able to alert on the
    > >>presence of IPv6 traffic, but they can't actually do full analysis
    > >>because they can't parse the headers correctly. Especially for
    > >>things like IPv6 tunneled over IPv4, or IPv6 tunneled over IPv6,
    > >>etc.
    > >>
    > >>Does anybody have a list of which vendors support what, and to what
    > >>extent?
    > >>
    > >>thanks,
    > >>
    > >>D
    > >>
    > >>
    > >>
    > >
    > >
    > >------------------------------------------------------------------------
    > >Test Your IDS
    > >
    > >Is your IDS deployed correctly?
    > >Find out quickly and easily by testing it
    > >with real-world attacks from CORE IMPACT.
    > >Go to
    > >http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    > >to learn more.
    >
    >------------------------------------------------------------------------
    > >
    > >
    > >
    > >
    >
    >
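
The thread's distinction between alerting on IPv6 and fully analysing it, shown as an added example that is not part of the original thread or any vendor's code: a minimal header walker that follows IPv6 tunneled over IPv4 or over IPv6 down to the innermost protocol. The function names, addresses and sample packets are constructed for illustration.

```python
IPV6_ENCAP = 41   # IP protocol / next-header value for an encapsulated IPv6 packet
EXT = {0: "hop-by-hop", 43: "routing", 60: "dest-opts", 44: "fragment"}

def walk_layers(pkt, max_depth=4):
    """Follow IP nesting; return (layer names, innermost protocol, payload offset)."""
    layers, off = [], 0
    for _ in range(max_depth):
        if off >= len(pkt):
            raise ValueError("truncated packet")
        version = pkt[off] >> 4
        if version == 4:
            ihl = (pkt[off] & 0x0F) * 4
            if ihl < 20 or off + ihl > len(pkt):
                raise ValueError("bad IPv4 header")
            if int.from_bytes(pkt[off + 6:off + 8], "big") & 0x1FFF:
                raise ValueError("non-initial IPv4 fragment: reassemble first")
            proto, off = pkt[off + 9], off + ihl
            layers.append("IPv4")
        elif version == 6:
            if off + 40 > len(pkt):
                raise ValueError("bad IPv6 header")
            proto, off = pkt[off + 6], off + 40
            layers.append("IPv6")
            while proto in EXT:   # extension headers sit before the real payload
                if off + 8 > len(pkt):
                    raise ValueError("truncated extension header")
                if proto == 44 and int.from_bytes(pkt[off + 2:off + 4], "big") >> 3:
                    raise ValueError("non-initial IPv6 fragment: reassemble first")
                size = 8 if proto == 44 else (pkt[off + 1] + 1) * 8
                layers.append(EXT[proto])
                proto, off = pkt[off], off + size
        else:
            raise ValueError("not an IP packet")
        if proto != IPV6_ENCAP:
            return layers, proto, off
    raise ValueError("tunnel nesting deeper than max_depth")

V4 = bytes([192, 0, 2, 1])                          # constructed: 192.0.2.1
V6 = bytes.fromhex("20010db8" + "00" * 11 + "01")   # constructed: 2001:db8::1
def ipv4(proto, payload):   # constructed sample header, checksum left as zero
    head = bytes([0x45, 0]) + (20 + len(payload)).to_bytes(2, "big") + bytes(4)
    return head + bytes([64, proto, 0, 0]) + V4 + V4 + payload

def ipv6(nxt, payload):     # constructed sample header
    head = bytes([0x60, 0, 0, 0]) + len(payload).to_bytes(2, "big") + bytes([nxt, 64])
    return head + V6 + V6 + payload

SIX_IN_FOUR = ipv4(41, ipv6(6, bytes(20)))          # IPv6 over IPv4, TCP inside
NESTED = ipv4(41, ipv6(60, bytes([41, 0, 1, 4, 0, 0, 0, 0]) + ipv6(17, bytes(8))))
```

A sensor that stops at the outer IPv4 header sees only protocol 41 for both samples; the walker reports TCP (6) and UDP (17) as the traffic that actually needs inspection.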
