Re: IPv6

["mb_lima" <mb_lima () uol com br>]

 Hi folks,

  The situacion is very more complex. In IPv6 protocol, IPSEC
is mandatory. So, the attacker can use DES or other to cipher
all traffic tunneled. I think that several "new" security
problems will happen in the IPv4-IPv6 trasition. Using the
transition MEchanisms (6to4, for example)networks can
introduce a backdoor via IPv6 networks. I think that future
honeynets must to create IPv6 islands to see these new
attacks. Regards,

   Marcelo

> Let me see if I can field the answer to this question... on
the first part
> of your question/comment yes they have to come in over IPv4,
 however you can
> only hope that your IDS catches them, intrusion detection do
es not pickup
> every attack, and many times if you are running a large amou
nt of publicly
> accessible servers sometimes what sets of the IDS is when so
meone penetrates
> the machine and is in the midst of seeing what is out there,
 and you or the
> IDS can totally miss the initial compromise, especially if i
t is someone who
> knows what they are doing and are using private exploits, so
 they can
> compromise the system quick and with a small footprint.  Wit
h the launch of
> IPv6 it gives the attacker the ability to tunnel out of the
network to
> either another compromised network or to their personal netw
ork without
> raising any flags with current IDS, hence the update to Snor
t.
> I hope that cleared it up for you....
>
> Jon Miller CISSP
> Sr. Security Engineer
> Covert Systems
> www.covertsystems.net
>
> ----- Original Message -----
> From: "Hornat, Charles" <Charles_Hornat () standardandpoors com
>
> To: <honeypots () securityfocus com>
> Sent: Wednesday, December 18, 2002 10:42 AM
> Subject: FW: IPv6
>
>
> > Hey Mike, Its been a while, how have you been?
> >
> > My question is base don this thought:  In order for the at
tacker to
> > compromise the system, they would have used IP 4 and would
 have been
> > caught by any existing IDS.  Additionally, once they go th
rough the
> > trouble of getting IP6 to run on the compromised system, w
hat would they
> > do with it?  Attack other IP6 systems?  Perhaps there is a
n exploit in
> > IP6 that you missed?
> >
> > Seems like it adds complication and more possibility
> > for problems and detection for the attacker to implement.
> >
> > Charles
> >
> >
> >
> > --------------------------------------------------------
> > The information contained in this message is intended only
 for the
> recipient, and may be a confidential attorney-
client communication or may
> otherwise be privileged and confidential and protected from
disclosure. If
> the reader of this message is not the intended recipient, or
 an employee or
> agent responsible for delivering this message to the intende
d recipient,
> please be aware that any dissemination or copying of this co
mmunication is
> strictly prohibited. If you have received this communication
 in error,
> please immediately notify us by replying to the message and
deleting it from
> your computer.
> > Thank you,
> >
> > Standard & Poor's
> >
> > --------------------------------------------------------


---
UOL, o melhor da Internet
http://www.uol.com.br/