Do you mean that IPv6 tunneling was turned on as part of the compromise? Or that it was used to perform the attack?
>Recently one of the Honeynet Project's Solaris Honeynets was compromised.
>What made this attack unique was IPv6 tunneling was enabled on the system,
>with communications being forwarded to another country. The attack and
>communications were captured using Snort, however the data could not be
>decoded due to the IPv6 encapsulation.
>
>This made me consider, this activity could be used as a means of
>"covert" communications or activity. Many IDS systems, and potentially
>many sniffers, have difficulty decoding IPv6 activity. Was wondering if
>others had seen this activity, and the implications it may have to the IDS
>community?
>
>lance
--
Steven Bairstow http://www.personal.psu.edu/~sab139
Computer and Network Services - Sutherland Building
Penn State University - Abington College
"The machine is a marvelous simplifier... and may be the modern
emancipator of the creative mind." -- Frank Lloyd Wright