IDS mailing list archives
RE: IPv6 support in IDS/IPS products
From: "Mike Barkett" <mbarkett () nfr com>
Date: Thu, 3 Nov 2005 11:55:35 -0500
David - I will pipe up for NFR. Our Sentivist Smart sensors are natively capable of "all of the above" at the sensor engine level. Tunneling, full analysis, everything. And we've been doing it for a couple of years now. I cannot provide a list of vendors who do this, but I will say that I was told 7 months ago by an IPv6 expert that we were the only IPS vendor he was aware of who did it "properly". I don't know if that's actually/still true, so I'd be very interested in seeing who else chimes in on this thread. Not surprisingly, we find this feature to be very popular in the U.S. government and overseas, particularly in Asia. What we try to explain to the rest of the world is that even if they don't think they are running IPv6, parts of their network may still be at risk of a tunneled IPv6 attack. -MAB -- (nfr)(security) Michael A Barkett, CISSP Vice President, Systems Engineering (www.nfr.com) +1.240.632.9000 Fax: +1.240.747.3512
-----Original Message----- From: David Williams [mailto:dwilliamsd () gmail com] Sent: Sunday, October 30, 2005 9:53 AM To: focus-ids () securityfocus com Subject: IPv6 support in IDS/IPS products Hi list, I've read that some IDS/IPS vendors can monitor IPv6, but not completely. For example, they might be able to alert on the presence of IPv6 traffic, but they can't actually do full analysis because they can't parse the headers correctly. Especially for things like IPv6 tunneled over IPv4, or IPv6 tunneled over IPv6, etc. Does anybody have a list of which vendors support what, and to what extent? thanks, D
------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- IPv6 support in IDS/IPS products David Williams (Nov 03)
- RE: IPv6 support in IDS/IPS products Mike Barkett (Nov 03)
- Re: IPv6 support in IDS/IPS products Planz (Nov 07)
- Re: IPv6 support in IDS/IPS products David Williams (Nov 07)
- RE: IPv6 support in IDS/IPS products Scott Sloan (Nov 09)
- RE: IPv6 support in IDS/IPS products Mike Barkett (Nov 09)
- RE: IPv6 support in IDS/IPS products Scott Sloan (Nov 09)
- Re: IPv6 support in IDS/IPS products Jim Bauer (Nov 10)
- Re: IPv6 support in IDS/IPS products Mike Frantzen (Nov 10)
- Re: IPv6 support in IDS/IPS products Planz (Nov 07)
- RE: IPv6 support in IDS/IPS products Mike Barkett (Nov 03)
- <Possible follow-ups>
- RE: IPv6 support in IDS/IPS products Palmer, Paul (ISSAtlanta) (Nov 07)
- Re: RE: IPv6 support in IDS/IPS products barcajax (Nov 09)
- Re: RE: IPv6 support in IDS/IPS products David Williams (Nov 10)