IDS mailing list archives

Re: IPv6


From: Krzysztof Zaraska <kzaraska () student uci agh edu pl>
Date: Sat, 21 Dec 2002 13:56:37 +0100

Hello,

On Thu, 19 Dec 2002 10:33:08 -0600 (CST)
Lance Spitzner <lance () honeynet org> wrote:

> The attack and
> communications were captured using Snort, however the data could not be
> decoded due to the IPv6 encapsulation.

For the record, I once came across a package that looks like snort with
IPv6 support, however I have never evaluated it:
http://www.tahi.org/~tanaka/snort/snort+ipv6-20011201.tgz

What's not entirely clear to me is why you weren't able to decode IPv6
traffic. Was it caused by the fact that:

- your software did not capture the IPv6 traffic, or captured it
incorrectly

- you have the (encapsulated) IPv6 traffic captured, but there is no, or
you don't have, a protocol analyzer capable of decoding it

- the IPv6 communication was protected with IPSEC

Regards,
Krzysztof

-- 
// Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl
// Prelude IDS: http://www.prelude-ids.org/
// A dream will always triumph over reality, once it is given the chance.
//              -- Stanislaw Lem
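
The three cases asked about in the message above can be told apart from the raw capture itself. The following is an added example, not part of the original post and not Snort or Prelude code; it assumes the encapsulation was IPv6-in-IPv4 (IP protocol 41), which the thread does not state, and runs on constructed sample packets.

```python
import struct

PROTO_6IN4 = 41            # assumption: tunnel is IPv6-in-IPv4 (IP protocol 41)
NH_FRAGMENT, NH_ESP, NH_AH = 44, 50, 51
EXT_8OCTET = {0, 43, 60}   # hop-by-hop, routing, destination options

def classify(packet: bytes) -> str:
    """Triage one raw IPv4 packet (link-layer header already stripped)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "bad-ipv4-header"
    if packet[9] != PROTO_6IN4:
        return "no-ipv6-tunnel"
    inner = packet[ihl:]
    if len(inner) < 40:
        return "inner-ipv6-truncated"      # capture problem, e.g. short snaplen
    if inner[0] >> 4 != 6:
        return "inner-not-ipv6"
    nh, off = inner[6], 40
    # Walk extension headers until the upper-layer protocol or ESP is reached.
    while nh in EXT_8OCTET or nh in (NH_FRAGMENT, NH_AH):
        if off + 2 > len(inner):
            return "inner-ipv6-truncated"
        if nh == NH_FRAGMENT:
            size = 8
        elif nh == NH_AH:
            size = (inner[off + 1] + 2) * 4
        else:
            size = (inner[off + 1] + 1) * 8
        nh, off = inner[off], off + size
    # ESP payload is opaque without keys; anything else only needs a v6 decoder.
    return "ipv6-esp-encrypted" if nh == NH_ESP else "ipv6-decodable"

# Constructed sample packets (documentation addresses, zero checksums).
def ipv4(proto: int, payload: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

def ipv6(next_header: int, payload: bytes) -> bytes:
    src = bytes.fromhex("20010db8") + bytes(11) + b"\x01"
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), next_header,
                       64, src, src) + payload

if __name__ == "__main__":
    for name, pkt in [("tcp", ipv4(41, ipv6(6, bytes(20)))),
                      ("esp", ipv4(41, ipv6(50, bytes(16)))),
                      ("cut", ipv4(41, ipv6(6, bytes(20)))[:44])]:
        print(name, classify(pkt))
```

A verdict of "ipv6-decodable" means the capture is intact and only an IPv6-aware analyzer is missing; "inner-ipv6-truncated" points at the capture; "ipv6-esp-encrypted" points at IPsec.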


