Snort mailing list archives
Re: IPv6 Header
From: Albert Gonzalez <albertg () cerveau us>
Date: Wed, 28 Oct 2009 23:45:11 -0400
Edurne,

The existing protocol keywords work with both IPv4/6. You can use BPF to control (via filters) whether your sensor only sees one or both protocols while sensing. You can specify IPv6 based addresses within your rulesets which can further assist in identifying the traffic and potential malicious activity. On top of that you can also specify the `ip_proto` option within your ruleset.

And as of the Snort 2.8.4 release, support was added to the frag3 preprocessor and various application level preprocessors (SMTP, FTP, DCE/RPC, Portscan, etc.) so that provides more extensive protection across the platform.

I hope this helps with your questions. I have provided some links which reference what it seems you are interested in and attempting to tackle.

http://www.personal.psu.edu/dvm105/blogs/ipv6/2009/04/new-snort-release-with-ipv6-su.html
http://marc.info/?l=snort-devel&m=121935131920776&w=2
http://marc.info/?l=snort-devel&m=121975623105073&w=2

Cheers,
- Albert Gonzalez
http://blog.cerveau.us
"Success comes to the person who does today, what you are thinking of doing tomorrow."

On Mon, 2009-10-26 at 23:30 +0100, Edurne Izaguirre wrote:
Hello everyone,

I'm working with Snort in an IPv6 environment to make some experiments, and I have some questions related to this topic. In the last Web Seminar it was said that all of Snort is supported on IPv6. However, it doesn't talk about the options made for the IP Header.

Is there enough support to work with IP Header Fields? Are there options for the new fields? How does Snort work with the Extension Headers? What happens if our attacker puts some arbitrary routing or fragmentation header in the packet?

Thank you very much,
Edurne
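The question in this thread about routing and fragmentation headers comes down to the fact that the Next Header field of the fixed IPv6 header names only the first header in a chain, so a sensor has to walk the chain to reach the upper-layer protocol. The following sketch is an added example, not code from the thread or from Snort; the function names and the sample packet are constructed for illustration, and only the four RFC 8200 headers with the simple chained layout are handled.

```python
import ipaddress
import struct

# Extension headers defined in RFC 8200 that share the simple chained layout.
# AH (51) and ESP (50) are left out, so this walker reports them as the upper layer.
EXT_HEADERS = {0: "hop-by-hop", 43: "routing", 44: "fragment", 60: "dest-options"}

def walk_ipv6_chain(packet: bytes):
    """Return (chain, upper_layer_proto, payload_offset) for one IPv6 packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_hdr, offset, chain = packet[6], 40, []
    while next_hdr in EXT_HEADERS:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        info = {}
        if next_hdr == 44:
            # Fragment header is always 8 bytes; its second byte is reserved.
            length = 8
            field = struct.unpack_from("!H", packet, offset + 2)[0]
            info = {"frag_offset": field >> 3, "more_fragments": bool(field & 1)}
        else:
            # Hdr Ext Len counts 8-byte units beyond the first 8 bytes.
            length = (packet[offset + 1] + 1) * 8
            if next_hdr == 43:
                info = {"type": packet[offset + 2], "segments_left": packet[offset + 3]}
        if offset + length > len(packet):
            raise ValueError("extension header runs past end of packet")
        chain.append((EXT_HEADERS[next_hdr], info))
        next_hdr, offset = packet[offset], offset + length
        if info.get("frag_offset"):
            break  # non-first fragment: the bytes that follow are mid-payload
    return chain, next_hdr, offset

def build_sample() -> bytes:
    """Constructed packet: IPv6 -> routing -> fragment -> 8 bytes of TCP."""
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    base = struct.pack("!IHBB", 6 << 28, 24, 43, 64) + src + dst
    routing = bytes([44, 0, 253, 0, 0, 0, 0, 0])           # type 253 = experimental
    fragment = struct.pack("!BBHI", 6, 0, 0x0001, 0x1234)  # offset 0, M flag set
    return base + routing + fragment + bytes(8)

if __name__ == "__main__":
    chain, proto, payload_at = walk_ipv6_chain(build_sample())
    for name, info in chain:
        print(name, info)
    print("upper-layer protocol:", proto, "payload offset:", payload_at)
```
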