Re: IPv6

[roy lo <roylo () sr2c com>]

I think it was used to perform the attack, I have heard this type of 
attack from a friend of mine before awhile ago.

Steven Bairstow wrote:

> Do you mean that IPv6 tunneling was turned on as part of the compromise?  Or that it was used to perform the attack?
>
>  
>
> > Recently one of the Honeynet Project's Solaris Honeynets was compromised.
> > What made this attack unique was IPv6 tunneling was enabled on the system,
> > with communications being forwarded to another country.  The attack and
> > communications were captured using Snort, however the data could not be
> > decoded due to the IPv6 encapsulation.
> >
> > This made me consider, this activity could be used as a means of
> > "covert" communications or activity.  Many IDS systems, and potentially
> > many sniffers, have difficulty decoding IPv6 activity.  Was wondering if
> > others had seen this activity, and the implications it may have to the IDS
> > community?
> >
> > lance
> >    
>
>
>  


--
Roy Lo  
Freelance Consultant 
E-mail -  roylo () sr2c com


Sun Certified Network Administrator (SCNA)
Sun Certified System Administrator (SCSA)
Cisco Certified Network Associate (CCNA)