Snort mailing list archives

Re: Snort 2.9.0.3 Now Available


From: Edward Fjellskål <edwardfjellskaal () gmail com>
Date: Mon, 27 Dec 2010 12:56:50 +0100

Hi,

On Mon, Dec 27, 2010 at 11:56 AM, Leon Ward <lward () sourcefire com> wrote:
> Hi,
>
> On 26 December 2010 22:21, waldo kitty <wkitty42 () windstream net> wrote:
>
> <snip>
>
>> it requires IPv6 which is
>> definitely not widespread or in use in many locations...
>
> Please don't take this the wrong way, but as long as we all keep
> telling ourselves that V6 isn't in wide use we're en-route to bigger
> problems than we have now.
> There is a load of v6 traffic in most v4-only networks I work on, it's
> just common for it to be dismissed by network people as "background
> noise".
>
> -Leon

I just wanted to say that I second that!
I have worked in several places where *they* say that IPv6 is no "problem"
because we don't use it, and then when I play (pentest etc) that's not
true at all...

There are two ways I like to have phun with IPv6.

Internally, almost every OS comes with IPv6 default turned ON :)
That means that jumping around from machine to machine on IPv6
has been fairly easy. In one server-center I was playing with the network,
firewalls were set up so that I could not get out with IPv6, therefore they
did not use IPv6 they claimed, and hence it should not be a problem.

As they hosted several servers for customers, I got access to one.
From that server, I could not connect to anything over IPv4, but
switching to IPv6, I could reach darn many. As the servers were thought
to be very locked down with firewall rules, the admin/root pw were
rather weak :) and accessing RDP or SSH over IPv6 was no problem :)

The second way is to make an IPv6 tunnel over IPv4. I have not done
that in a while now, but it was quite phun to send sploits over the
tunnel that the IDS/IPS don't pick up :)
(Just to prove a point)

It has also been shown to work on non-free wifi at airports and hotels and such :)
Instead of TCP over DNS or ICMP etc.

/me recommends IPv6 when compiling snort :)
E
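
A defender-side way to check the "we don't use IPv6" claim discussed in this thread, as an added example that is not part of the original messages: a Python classifier that labels raw Ethernet frames as native IPv6, 6in4 (IP protocol 41) or Teredo (UDP port 3544). The function names and the sample frames are constructed for illustration, and the Teredo port match is a heuristic.

```python
import struct

ETH_IPV4, ETH_IPV6, ETH_VLAN = 0x0800, 0x86DD, 0x8100
PROTO_TCP, PROTO_UDP, PROTO_6IN4 = 6, 17, 41  # IANA IP protocol numbers
TEREDO_PORT = 3544  # Teredo server port (RFC 4380); a port match is a heuristic

def classify(frame: bytes):
    """Label an Ethernet frame: 'native-ipv6', '6in4', 'teredo' or None."""
    if len(frame) < 14:
        return None
    ethertype, off = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == ETH_VLAN and len(frame) >= 18:  # step over one 802.1Q tag
        ethertype, off = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype == ETH_IPV6:
        return "native-ipv6"
    if ethertype != ETH_IPV4 or len(frame) < off + 20:
        return None
    ihl = (frame[off] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20:
        return None
    proto = frame[off + 9]
    frag_offset = struct.unpack("!H", frame[off + 6:off + 8])[0] & 0x1FFF
    payload = frame[off + ihl:]
    if proto == PROTO_6IN4:  # IPv6 packet carried directly inside IPv4
        return "6in4"
    # UDP ports are only present in the first fragment of a datagram
    if proto == PROTO_UDP and frag_offset == 0 and len(payload) >= 4:
        if TEREDO_PORT in struct.unpack("!HH", payload[:4]):
            return "teredo"
    return None

# --- constructed sample frames (not captured traffic) ---
def _eth(ethertype, payload, vlan=None):
    tag = struct.pack("!HH", ETH_VLAN, vlan) if vlan is not None else b""
    return b"\x02" * 12 + tag + struct.pack("!H", ethertype) + payload

def _ipv4(proto, payload):  # checksum left 0, RFC 5737 documentation addresses
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

IPV6_HDR = b"\x60" + bytes(39)  # minimal 40-byte IPv6 header, version nibble 6
SAMPLES = {
    "native": _eth(ETH_IPV6, IPV6_HDR),
    "vlan-native": _eth(ETH_IPV6, IPV6_HDR, vlan=10),
    "6in4": _eth(ETH_IPV4, _ipv4(PROTO_6IN4, IPV6_HDR)),
    "teredo": _eth(ETH_IPV4, _ipv4(PROTO_UDP, struct.pack("!HHHH", 40000, TEREDO_PORT, 48, 0) + IPV6_HDR)),
    "plain-tcp": _eth(ETH_IPV4, _ipv4(PROTO_TCP, bytes(20))),
}
```

Any non-None label seen on a segment that is supposed to be IPv4-only is traffic the IDS needs to be built and configured to inspect.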
