Honeypots mailing list archives

Re: IPv6


From: "Jon Miller" <jon () humperdink net>
Date: Thu, 19 Dec 2002 06:02:57 -0800

Let me see if I can field the answer to this question... On the first part
of your question/comment: yes, they have to come in over IPv4; however, you can
only hope that your IDS catches them. Intrusion detection does not pick up
every attack, and many times, if you are running a large number of publicly
accessible servers, what sets off the IDS is when someone penetrates
the machine and is in the midst of seeing what is out there, and you or the
IDS can totally miss the initial compromise, especially if it is someone who
knows what they are doing and is using private exploits, so they can
compromise the system quickly and with a small footprint.  With the launch of
IPv6 it gives the attacker the ability to tunnel out of the network to
either another compromised network or to their personal network without
raising any flags with current IDS, hence the update to Snort.

I hope that cleared it up for you....

Jon Miller CISSP
Sr. Security Engineer
Covert Systems
www.covertsystems.net

----- Original Message -----
From: "Hornat, Charles" <Charles_Hornat () standardandpoors com>
To: <honeypots () securityfocus com>
Sent: Wednesday, December 18, 2002 10:42 AM
Subject: FW: IPv6



Hey Mike, It's been a while, how have you been?

My question is based on this thought:  In order for the attacker to
compromise the system, they would have used IP 4 and would have been
caught by any existing IDS.  Additionally, once they go through the
trouble of getting IP6 to run on the compromised system, what would they
do with it?  Attack other IP6 systems?  Perhaps there is an exploit in
IP6 that you missed?

Seems like it adds complication and more possibility
for problems and detection for the attacker to implement.

Charles
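
Added example, not part of the original thread or any poster's code: one way a sensor can surface the IPv6-over-IPv4 tunnelling described in the reply, assuming the tunnel uses 6in4 encapsulation (IP protocol 41), which the thread does not specify. The function names, sample packets and addresses are constructed for illustration.

```python
import ipaddress
import struct

PROTO_6IN4 = 41  # IANA protocol number: IPv6 encapsulated directly in IPv4

def inspect_ipv4(packet: bytes):
    """Return a finding dict if this IPv4 packet carries IPv6 (protocol 41), else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                              # not IPv4
    ihl = (packet[0] & 0x0F) * 4                 # header length, options included
    if ihl < 20 or len(packet) < ihl or packet[9] != PROTO_6IN4:
        return None
    finding = {
        "outer_src": str(ipaddress.IPv4Address(packet[12:16])),
        "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
        "inner_src": None, "inner_dst": None, "inner_next_header": None,
    }
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    inner = packet[ihl:]
    # Only a first fragment holding a full 40-byte IPv6 header can be decoded;
    # later fragments and truncated payloads are still reported as tunnel traffic.
    if frag_offset == 0 and len(inner) >= 40 and inner[0] >> 4 == 6:
        finding["inner_src"] = str(ipaddress.IPv6Address(inner[8:24]))
        finding["inner_dst"] = str(ipaddress.IPv6Address(inner[24:40]))
        finding["inner_next_header"] = inner[6]
    return finding

def build_ipv4(src, dst, proto, payload, frag_offset=0):
    """Constructed sample packet: 20-byte IPv4 header, checksum left at 0 (not validated here)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag_offset,
                         64, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + payload

def build_ipv6(src, dst, next_header, payload=b""):
    """Constructed sample packet: 40-byte IPv6 fixed header followed by payload."""
    header = struct.pack("!IHBB16s16s", 6 << 28, len(payload), next_header, 64,
                         ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)
    return header + payload

# Constructed traffic using documentation address ranges (RFC 5737 / RFC 3849).
SAMPLES = [
    build_ipv4("192.0.2.10", "198.51.100.7", 6, b"\x00" * 20),           # plain TCP
    build_ipv4("192.0.2.10", "198.51.100.7", PROTO_6IN4,
               build_ipv6("2001:db8::10", "2001:db8:ffff::1", 6, b"\x00" * 20)),
    build_ipv4("192.0.2.10", "198.51.100.7", PROTO_6IN4, b"\x00" * 32, frag_offset=5),
]

def scan(packets):
    return [f for f in map(inspect_ipv4, packets) if f is not None]

if __name__ == "__main__":
    for f in scan(SAMPLES):
        print(f)
```

The inner addresses are what an IPv4-only signature set never sees, so logging them alongside the outer pair gives an analyst both ends of the tunnel.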


