Re: IPv6 support in IDS/IPS products

• Previous message: pgarcia_at_eside.deusto.es: "Help for some ID documentation"
• In reply to: Planz: "Re: IPv6 support in IDS/IPS products"
• Next in thread: Scott Sloan: "RE: IPv6 support in IDS/IPS products"
• Reply: Scott Sloan: "RE: IPv6 support in IDS/IPS products"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 7 Nov 2005 09:51:29 -0500
To: Planz <planz2009@gmail.com>

I'm a little surprised. I have only heard back from two vendors that
claim to do full IPv6: NFR & ISS. I doubt this is an accurate
representation, so I'll try one more time. Has anybody heard anything
about the other products out there?

thanks,

D

On 11/3/05, Planz <planz2009@gmail.com> wrote:
> As per the below whitepaper, ISS is supporting IPv6 and corresponding
> tunneling to IPv4 and vice versa, but I have seen no claims by other
> verdors as well.
>
> http://documents.iss.net/whitepapers/IPv6.pdf
>
> Besides that, I read an interesting slide on IPv6 Security in the
> following link:
>
> http://www.wareonearth.com/whitepapers/IPv6SecurityIssues.pps
>
>
>
> Mike Barkett wrote:
>
> >David -
> >
> >I will pipe up for NFR. Our Sentivist Smart sensors are natively capable of
> >"all of the above" at the sensor engine level. Tunneling, full analysis,
> >everything. And we've been doing it for a couple of years now.
> >
> >I cannot provide a list of vendors who do this, but I will say that I was
> >told 7 months ago by an IPv6 expert that we were the only IPS vendor he was
> >aware of who did it "properly". I don't know if that's actually/still true,
> >so I'd be very interested in seeing who else chimes in on this thread.
> >
> >Not surprisingly, we find this feature to be very popular in the U.S.
> >government and overseas, particularly in Asia. What we try to explain to
> >the rest of the world is that even if they don't think they are running
> >IPv6, parts of their network may still be at risk of a tunneled IPv6 attack.
> >
> >-MAB
> >
> >--
> >(nfr)(security)
> >Michael A Barkett, CISSP
> >Vice President, Systems Engineering
> >(www.nfr.com) +1.240.632.9000 Fax: +1.240.747.3512
> >
> >
> >
> >>-----Original Message-----
> >>From: David Williams [mailto:dwilliamsd@gmail.com]
> >>Sent: Sunday, October 30, 2005 9:53 AM
> >>To: focus-ids@securityfocus.com
> >>Subject: IPv6 support in IDS/IPS products
> >>
> >>Hi list,
> >>
> >>I've read that some IDS/IPS vendors can monitor IPv6, but not
> >>completely. For example, they might be able to alert on the
> >>presence of IPv6 traffic, but they can't actually do full analysis
> >>because they can't parse the headers correctly. Especially for
> >>things like IPv6 tunneled over IPv4, or IPv6 tunneled over IPv6, etc.
> >>
> >>Does anybody have a list of which vendors support what, and to what
> >>extent?
> >>
> >>thanks,
> >>
> >>D
> >>
> >>
> >>
> >
> >
> >------------------------------------------------------------------------
> >Test Your IDS
> >
> >Is your IDS deployed correctly?
> >Find out quickly and easily by testing it
> >with real-world attacks from CORE IMPACT.
> >Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> >to learn more.
> >------------------------------------------------------------------------
> >
> >
> >
> >
>
>

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------

• Previous message: pgarcia_at_eside.deusto.es: "Help for some ID documentation"
• In reply to: Planz: "Re: IPv6 support in IDS/IPS products"
• Next in thread: Scott Sloan: "RE: IPv6 support in IDS/IPS products"
• Reply: Scott Sloan: "RE: IPv6 support in IDS/IPS products"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]