Honeypots mailing list archives
Re: IPv6
From: "Jon Miller" <jon () humperdink net>
Date: Thu, 19 Dec 2002 06:02:57 -0800
Let me see if I can field the answer to this question...

On the first part of your question/comment: yes, they have to come in over IPv4, however you can only hope that your IDS catches them. Intrusion detection does not pick up every attack, and many times if you are running a large amount of publicly accessible servers, sometimes what sets off the IDS is when someone penetrates the machine and is in the midst of seeing what is out there, and you or the IDS can totally miss the initial compromise, especially if it is someone who knows what they are doing and is using private exploits, so they can compromise the system quickly and with a small footprint.

With the launch of IPv6 it gives the attacker the ability to tunnel out of the network to either another compromised network or to their personal network without raising any flags with current IDS, hence the update to Snort.

I hope that cleared it up for you....

Jon Miller CISSP
Sr. Security Engineer
Covert Systems
www.covertsystems.net

----- Original Message -----
From: "Hornat, Charles" <Charles_Hornat () standardandpoors com>
To: <honeypots () securityfocus com>
Sent: Wednesday, December 18, 2002 10:42 AM
Subject: FW: IPv6
Hey Mike,

It's been a while, how have you been?

My question is based on this thought: In order for the attacker to compromise the system, they would have used IP 4 and would have been caught by any existing IDS. Additionally, once they go through the trouble of getting IP6 to run on the compromised system, what would they do with it? Attack other IP6 systems? Perhaps there is an exploit in IP6 that you missed? Seems like it adds complication and more possibility for problems and detection for the attacker to implement.

Charles
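The detection gap discussed in this thread, as an added defender-side example that is not part of the original messages and is not Snort's own logic: it flags IPv4 packets whose payload is encapsulated IPv6 and decodes the inner addresses. It assumes the tunnel uses plain IPv6-in-IPv4 encapsulation (IP protocol 41), which the thread does not specify; all packets and addresses are constructed from documentation ranges.

```python
import ipaddress
import struct

PROTO_IPV6_IN_IPV4 = 41  # IANA protocol number for IPv6 encapsulated in IPv4

def inspect_ipv4_packet(pkt: bytes):
    """Return an alert dict if pkt is IPv4 carrying protocol 41, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None                       # not IPv4
    ihl = (pkt[0] & 0x0F) * 4             # header length in bytes
    if ihl < 20 or len(pkt) < ihl or pkt[9] != PROTO_IPV6_IN_IPV4:
        return None                       # malformed, or an ordinary IPv4 payload
    alert = {
        "outer_src": str(ipaddress.IPv4Address(pkt[12:16])),
        "outer_dst": str(ipaddress.IPv4Address(pkt[16:20])),
        "inner_src": None, "inner_dst": None, "inner_next_header": None,
    }
    inner = pkt[ihl:]
    # Decode the inner header only when a full 40-byte IPv6 header is present;
    # a truncated protocol-41 packet is still reported, with inner fields unset.
    if len(inner) >= 40 and inner[0] >> 4 == 6:
        alert["inner_src"] = str(ipaddress.IPv6Address(inner[8:24]))
        alert["inner_dst"] = str(ipaddress.IPv6Address(inner[24:40]))
        alert["inner_next_header"] = inner[6]
    return alert

def build_ipv4(src, dst, proto, payload):
    """Constructed test packet; checksum is 0 because the detector ignores it."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def build_ipv6(src, dst, next_header, payload):
    """Constructed inner IPv6 packet (version 6, hop limit 64)."""
    return struct.pack("!IHBB16s16s", 6 << 28, len(payload), next_header, 64,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed) + payload

def sample_packets():
    """Constructed traffic: one plain TCP packet, one 6in4 tunnel, one truncated."""
    inner = build_ipv6("2001:db8::1", "2001:db8::2", 6, b"\x00" * 20)
    return [
        build_ipv4("192.0.2.10", "198.51.100.7", 6, b"\x00" * 20),
        build_ipv4("192.0.2.10", "198.51.100.7", 41, inner),
        build_ipv4("192.0.2.10", "198.51.100.7", 41, inner[:12]),
    ]

if __name__ == "__main__":
    for pkt in sample_packets():
        print(inspect_ipv4_packet(pkt))
```

A sensor that only parses the outer IPv4 header sees the second packet as an unremarkable flow between two IPv4 hosts; the inner addresses are what tie it to an IPv6 destination.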