IDS mailing list archives
Re: nids for ipv6
From: Byron Sonne <blsonne () rogers com>
Date: Fri, 12 Mar 2004 16:32:19 -0500
As of snort-2.1.1 (Feb 2004), the only thing snort does with IPv6 packets is count them.
That would explain why I had to dig so much to find out about it... but what about SID 411-414? Seems to me the framework is there and all that needs to be done is write the rules to handle what it is your after.
Of course, I wouldn't be surprised if more in depth stuff such as flag or option analysis wasn't up to snuff. Admittedly I haven't looked in depth into this. Perhaps one might do better on a system with better IPv6 support/integration like OpenBSD?
-- For Good, return Good. For Evil, return Justice. --------------------------------------------------------------------------- Test your IDS Is your IDS deployed correctly? Find out by easily testing it with real-world attacks from CORE IMPACT.Visit: www.coresecurity.com/promos/sf_eids1 to learn more.
---------------------------------------------------------------------------
Current thread:
- nids for ipv6 Joe Hickory (Mar 08)
- Re: nids for ipv6 David W. Goodrum (Mar 08)
- Re: nids for ipv6 Byron Sonne (Mar 12)
- Re: nids for ipv6 Ken Renard (Mar 15)
- Re: nids for ipv6 Byron Sonne (Mar 15)
- Re: nids for ipv6 Ken Renard (Mar 15)
- Re: nids for ipv6 Greg Taleck (Mar 12)
- <Possible follow-ups>
- RE: nids for ipv6 Brito, Nelson (ISS Brazil) (Mar 15)