Hosting Provided By

IPv6

From: Lance Spitzner <lance(at)honeynet.org>
Date: Thu Dec 19 2002 - 11:33:08 EST

Recently one of the Honeynet Project's Solaris Honeynets was compromised. What made this attack unique was IPv6 tunneling was enabled on the system, with communications being forwarded to another country. The attack and communications were captured using Snort, however the data could not be decoded due to the IPv6 encapsulation.

This made me consider, this activity could be used as a means of "covert" communications or activity. Many IDS systems, and potentially many sniffers, have difficulty decoding IPv6 activity. Was wondering if others had seen this activity, and the implications it may have to the IDS community?

lance Received on Thu Dec 19 11:44:21 2002

This message: [ Message body ]
Next message: Martin, Michael W: "Partition Snort data in MySQL?"
Previous message: Dudley, Brian (ISS Chicago): "RE: A question about ISS gigabit network sensor."
Next in thread: Steven Bairstow: "Re: IPv6"
Reply: Steven Bairstow: "Re: IPv6"
Reply: Krzysztof Zaraska: "Re: IPv6"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:04 EDT