Honeypots mailing list archives
Re: IPv6
From: "mb_lima" <mb_lima () uol com br>
Date: Fri, 20 Dec 2002 08:12:31 -0200
Hi folks, The situacion is very more complex. In IPv6 protocol, IPSEC is mandatory. So, the attacker can use DES or other to cipher all traffic tunneled. I think that several "new" security problems will happen in the IPv4-IPv6 trasition. Using the transition MEchanisms (6to4, for example)networks can introduce a backdoor via IPv6 networks. I think that future honeynets must to create IPv6 islands to see these new attacks. Regards, Marcelo
Let me see if I can field the answer to this question... on
the first part
of your question/comment yes they have to come in over IPv4,
however you can
only hope that your IDS catches them, intrusion detection do
es not pickup
every attack, and many times if you are running a large amou
nt of publicly
accessible servers sometimes what sets of the IDS is when so
meone penetrates
the machine and is in the midst of seeing what is out there,
and you or the
IDS can totally miss the initial compromise, especially if i
t is someone who
knows what they are doing and are using private exploits, so
they can
compromise the system quick and with a small footprint. Wit
h the launch of
IPv6 it gives the attacker the ability to tunnel out of the
network to
either another compromised network or to their personal netw
ork without
raising any flags with current IDS, hence the update to Snor
t.
I hope that cleared it up for you.... Jon Miller CISSP Sr. Security Engineer Covert Systems www.covertsystems.net ----- Original Message ----- From: "Hornat, Charles" <Charles_Hornat () standardandpoors com To: <honeypots () securityfocus com> Sent: Wednesday, December 18, 2002 10:42 AM Subject: FW: IPv6Hey Mike, Its been a while, how have you been? My question is base don this thought: In order for the at
tacker to
compromise the system, they would have used IP 4 and would
have been
caught by any existing IDS. Additionally, once they go th
rough the
trouble of getting IP6 to run on the compromised system, w
hat would they
do with it? Attack other IP6 systems? Perhaps there is a
n exploit in
IP6 that you missed? Seems like it adds complication and more possibility for problems and detection for the attacker to implement. Charles -------------------------------------------------------- The information contained in this message is intended only
for the
recipient, and may be a confidential attorney-
client communication or may
otherwise be privileged and confidential and protected from
disclosure. If
the reader of this message is not the intended recipient, or
an employee or
agent responsible for delivering this message to the intende
d recipient,
please be aware that any dissemination or copying of this co
mmunication is
strictly prohibited. If you have received this communication
in error,
please immediately notify us by replying to the message and
deleting it from
your computer.Thank you, Standard & Poor's --------------------------------------------------------
--- UOL, o melhor da Internet http://www.uol.com.br/
Current thread:
- Re: IPv6, (continued)
- Re: IPv6 Colin Stubbs (Dec 18)
- Re: IPv6 Chris Green (Dec 18)
- RE: IPv6 Hornat, Charles (Dec 18)
- RE: IPv6 mike (Dec 18)
- FW: IPv6 Hornat, Charles (Dec 18)
- Re: FW: IPv6 xbud (Dec 19)
- Re: FW: IPv6 mike (Dec 19)
- Re: IPv6 Jon Miller (Dec 19)
- Re: IPv6 mb_lima (Dec 20)
- Re: IPv6 Valdis . Kletnieks (Dec 20)
- Re: IPv6 mb_lima (Dec 20)
- Re: IPv6 mb_lima (Dec 20)
- Re: IPv6 mb_lima (Dec 20)