Re: nids for ipv6

[Ken Renard <kdrenard () wareonearth com>]

> Snort (http://www.snort.org) supports IPv6, although at what version 
> number that support came in I'm not sure of

As of snort-2.1.1 (Feb 2004), the only thing snort does with IPv6 
packets is count them.

I have made mods to snort-2.0.1 to support IPv6 throughout the core of 
snort, as well as supporting a few IPv6 features (such as search on 
flow field of IPv6 header, and icmpv6 header processing).  It is not 
"complete" IPv6 support, but most of the applicable IPv4 support is 
available for IPv6.

I am currently integrating these mods into snort-2.1.1.

To date, I have been unable to get a response from the snort 
maintainers as to whether they would like these mods or not.  I would 
be wiling to share my mods (once they're completed for 2.1.1) for 
testing purposes.  Any help getting this tested and put into the main 
dist would be greatly appreciated!

-Ken Renard




---------------------------------------------------------------------------
Test your IDS

Is your IDS deployed correctly?
Find out by easily testing it with real-world attacks from CORE IMPACT.

Visit: 
www.coresecurity.com/promos/sf_eids1 to learn more.
---------------------------------------------------------------------------