Re: IPv6 support in IDS/IPS products

From: David Williams (dwilliamsd_at_gmail.com)
Date: 11/07/05

    Date: Mon, 7 Nov 2005 09:51:29 -0500
    To: Planz <planz2009@gmail.com>
    
    

    I'm a little surprised. I have only heard back from two vendors that
    claim to do full IPv6: NFR & ISS. I doubt this is an accurate
    representation, so I'll try one more time. Has anybody heard anything
    about the other products out there?

    thanks,

    D

    On 11/3/05, Planz <planz2009@gmail.com> wrote:
    > As per the below whitepaper, ISS is supporting IPv6 and corresponding
    > tunneling to IPv4 and vice versa, but I have seen no claims by other
    > vendors as well.
    >
    > http://documents.iss.net/whitepapers/IPv6.pdf
    >
    > Besides that, I read an interesting slide on IPv6 Security in the
    > following link:
    >
    > http://www.wareonearth.com/whitepapers/IPv6SecurityIssues.pps
    >
    >
    >
    > Mike Barkett wrote:
    >
    > >David -
    > >
    > >I will pipe up for NFR. Our Sentivist Smart sensors are natively capable of
    > >"all of the above" at the sensor engine level. Tunneling, full analysis,
    > >everything. And we've been doing it for a couple of years now.
    > >
    > >I cannot provide a list of vendors who do this, but I will say that I was
    > >told 7 months ago by an IPv6 expert that we were the only IPS vendor he was
    > >aware of who did it "properly". I don't know if that's actually/still true,
    > >so I'd be very interested in seeing who else chimes in on this thread.
    > >
    > >Not surprisingly, we find this feature to be very popular in the U.S.
    > >government and overseas, particularly in Asia. What we try to explain to
    > >the rest of the world is that even if they don't think they are running
    > >IPv6, parts of their network may still be at risk of a tunneled IPv6 attack.
    > >
    > >-MAB
    > >
    > >--
    > >(nfr)(security)
    > >Michael A Barkett, CISSP
    > >Vice President, Systems Engineering
    > >(www.nfr.com) +1.240.632.9000 Fax: +1.240.747.3512
    > >
    > >
    > >
    > >>-----Original Message-----
    > >>From: David Williams [mailto:dwilliamsd@gmail.com]
    > >>Sent: Sunday, October 30, 2005 9:53 AM
    > >>To: focus-ids@securityfocus.com
    > >>Subject: IPv6 support in IDS/IPS products
    > >>
    > >>Hi list,
    > >>
    > >>I've read that some IDS/IPS vendors can monitor IPv6, but not
    > >>completely. For example, they might be able to alert on the
    > >>presence of IPv6 traffic, but they can't actually do full analysis
    > >>because they can't parse the headers correctly. Especially for
    > >>things like IPv6 tunneled over IPv4, or IPv6 tunneled over IPv6, etc.
    > >>
    > >>Does anybody have a list of which vendors support what, and to what
    > >>extent?
    > >>
    > >>thanks,
    > >>
    > >>D
    > >>
    > >>
    > >>
    > >
    > >
    > >------------------------------------------------------------------------
    > >Test Your IDS
    > >
    > >Is your IDS deployed correctly?
    > >Find out quickly and easily by testing it
    > >with real-world attacks from CORE IMPACT.
    > >Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    > >to learn more.
    > >------------------------------------------------------------------------
    > >
    > >
    > >
    > >
    >
    >
