Focus on IDS
IPv6 Dec 19 2002 04:33PM
Lance Spitzner (lance honeynet org) (2 replies)
Recently one of the Honeynet Project's Solaris Honeynets was compromised.
What made this attack unique was IPv6 tunneling was enabled on the system,
with communications being forwarded to another country. The attack and
communications were captured using Snort, however the data could not be
decoded due to the IPv6 encapsulation.

This made me consider, this activity could be used as a means of
"covert" communications or activity. Many IDS systems, and potentially
many sniffers, have difficulty decoding IPv6 activity. Was wondering if
others had seen this activity, and the implications it may have to the IDS
community?

lance

[ reply ]
Re: IPv6 Dec 21 2002 12:56PM
Krzysztof Zaraska (kzaraska student uci agh edu pl)
Re: IPv6 Dec 20 2002 06:14PM
Steven Bairstow (sab139 psu edu) (1 replies)
Re: IPv6 Dec 21 2002 04:53AM
roy lo (roylo sr2c com) (1 replies)
Re: IPv6 Dec 21 2002 05:06AM
roy lo (roylo sr2c com)


 

Privacy Statement
Copyright 2010, SecurityFocus