I think it was used to perform the attack, I have heard this type of
attack from a friend of mine before awhile ago.

Steven Bairstow wrote:

>Do you mean that IPv6 tunneling was turned on as part of the compromise? Or that it was used to perform the attack?
>
>
>
>>Recently one of the Honeynet Project's Solaris Honeynets was compromised.
>>What made this attack unique was IPv6 tunneling was enabled on the system,
>>with communications being forwarded to another country. The attack and
>>communications were captured using Snort, however the data could not be
>>decoded due to the IPv6 encapsulation.
>>
>>This made me consider, this activity could be used as a means of
>>"covert" communications or activity. Many IDS systems, and potentially
>>many sniffers, have difficulty decoding IPv6 activity. Was wondering if
>>others had seen this activity, and the implications it may have to the IDS
>>community?
>>
>>lance
>>
>>
>
>
>
>

--
Roy Lo
Freelance Consultant
E-mail - roylo (at) sr2c (dot) com [email concealed]

Sun Certified Network Administrator (SCNA)
Sun Certified System Administrator (SCSA)
Cisco Certified Network Associate (CCNA)

[ reply ]