Re: IPv6

• Previous message: Justin Rossetti: "Announcement of ISS Advisor Web Community"
• In reply to: Lance Spitzner: "IPv6"
• Next in thread: roy lo: "Re: IPv6"
• Reply: roy lo: "Re: IPv6"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 20 Dec 2002 13:14:28 -0500
To: focus-ids@securityfocus.com
From: Steven Bairstow <sab139@psu.edu>

Do you mean that IPv6 tunneling was turned on as part of the compromise? Or that it was used to perform the attack?

>Recently one of the Honeynet Project's Solaris Honeynets was compromised.
>What made this attack unique was IPv6 tunneling was enabled on the system,
>with communications being forwarded to another country. The attack and
>communications were captured using Snort, however the data could not be
>decoded due to the IPv6 encapsulation.
>
>This made me consider, this activity could be used as a means of
>"covert" communications or activity. Many IDS systems, and potentially
>many sniffers, have difficulty decoding IPv6 activity. Was wondering if
>others had seen this activity, and the implications it may have to the IDS
>community?
>
>lance

-- 
Steven Bairstow                  http://www.personal.psu.edu/~sab139
Computer and Network Services - Sutherland Building
Penn State University - Abington College
"The machine is a marvelous simplifier... and may be the modern
emancipator of the creative mind." -- Frank Lloyd Wright

• Next message: Martin Roesch: "EXPERIMENTAL IPv6 decoder available in Snort"
• Previous message: Justin Rossetti: "Announcement of ISS Advisor Web Community"
• In reply to: Lance Spitzner: "IPv6"
• Next in thread: roy lo: "Re: IPv6"
• Reply: roy lo: "Re: IPv6"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]