IDS mailing list archives

IPv6

From: Lance Spitzner <lance () honeynet org>
Date: Thu, 19 Dec 2002 10:33:08 -0600 (CST)

Recently one of the Honeynet Project's Solaris Honeynets was compromised.
What made this attack unique was IPv6 tunneling was enabled on the system,
with communications being forwarded to another country.  The attack and
communications were captured using Snort, however the data could not be
decoded due to the IPv6 encapsulation.

This made me consider, this activity could be used as a means of
"covert" communications or activity.  Many IDS systems, and potentially
many sniffers, have difficulty decoding IPv6 activity.  Was wondering if 
others had seen this activity, and the implications it may have to the IDS 
community?

lance

Current thread:

IPv6 Lance Spitzner (Dec 19)
- Re: IPv6 Steven Bairstow (Dec 20)
  - Re: IPv6 roy lo (Dec 23)
    - Re: IPv6 roy lo (Dec 23)
- Re: IPv6 Krzysztof Zaraska (Dec 23)