IDS mailing list archives
IPv6
From: Lance Spitzner <lance () honeynet org>
Date: Thu, 19 Dec 2002 10:33:08 -0600 (CST)
Recently one of the Honeynet Project's Solaris Honeynets was compromised. What made this attack unique was IPv6 tunneling was enabled on the system, with communications being forwarded to another country. The attack and communications were captured using Snort, however the data could not be decoded due to the IPv6 encapsulation. This made me consider, this activity could be used as a means of "covert" communications or activity. Many IDS systems, and potentially many sniffers, have difficulty decoding IPv6 activity. Was wondering if others had seen this activity, and the implications it may have to the IDS community? lance