IDS mailing list archives
Re: IPv6
From: Krzysztof Zaraska <kzaraska () student uci agh edu pl>
Date: Sat, 21 Dec 2002 13:56:37 +0100
Hello, On Thu, 19 Dec 2002 10:33:08 -0600 (CST) Lance Spitzner <lance () honeynet org> wrote:
The attack and communications were captured using Snort, however the data could not be decoded due to the IPv6 encapsulation.
For the record, I've once came over a package that looks like snort with IPv6 support, however I have never evaluated it: http://www.tahi.org/~tanaka/snort/snort+ipv6-20011201.tgz What's not entirely clear to me is why you weren't able to decode IPv6 traffic. Was it caused by the fact that: - your software did not capture the IPv6 traffic, or captured it incorrectly - you have the (encapsulated) IPv6 traffic captured, but there is no, or you don't have, a protocol analyzer capable of decoding it - the IPv6 communication was protected with IPSEC Regards, Krzysztof -- // Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl // Prelude IDS: http://www.prelude-ids.org/ // A dream will always triumph over reality, once it is given the chance. // -- Stanislaw Lem