Re: IPv6
From: roy lo (roylo@sr2c.com)
Date: 12/21/02
- Previous message: Martin Roesch: "EXPERIMENTAL IPv6 decoder available in Snort"
- In reply to: Steven Bairstow: "Re: IPv6"
- Next in thread: roy lo: "Re: IPv6"
- Reply: roy lo: "Re: IPv6"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 20 Dec 2002 23:53:34 -0500 From: roy lo <roylo@sr2c.com> To: Steven Bairstow <sab139@psu.edu>
I think it was used to perform the attack, I have heard this type of
attack from a friend of mine before awhile ago.
Steven Bairstow wrote:
>Do you mean that IPv6 tunneling was turned on as part of the compromise? Or that it was used to perform the attack?
>
>
>
>>Recently one of the Honeynet Project's Solaris Honeynets was compromised.
>>What made this attack unique was IPv6 tunneling was enabled on the system,
>>with communications being forwarded to another country. The attack and
>>communications were captured using Snort, however the data could not be
>>decoded due to the IPv6 encapsulation.
>>
>>This made me consider, this activity could be used as a means of
>>"covert" communications or activity. Many IDS systems, and potentially
>>many sniffers, have difficulty decoding IPv6 activity. Was wondering if
>>others had seen this activity, and the implications it may have to the IDS
>>community?
>>
>>lance
>>
>>
>
>
>
>
-- Roy Lo Freelance Consultant E-mail - roylo@sr2c.com Sun Certified Network Administrator (SCNA) Sun Certified System Administrator (SCSA) Cisco Certified Network Associate (CCNA)
- Next message: roy lo: "Re: IPv6"
- Previous message: Martin Roesch: "EXPERIMENTAL IPv6 decoder available in Snort"
- In reply to: Steven Bairstow: "Re: IPv6"
- Next in thread: roy lo: "Re: IPv6"
- Reply: roy lo: "Re: IPv6"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
