Snort mailing list archives
Re: Snort IPv6
From: Eric Hines <eric.hines () appliedwatch com>
Date: Thu, 02 Feb 2006 15:52:54 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Martin, Approbation to the Sourcefire team for keeping this issue on your radar. I googled and saw your posting back in 2002 for an initial experimental release you made of Snort IPv6 support but never saw anything after that. I should preface this email with the fact that the OMB has made this a mandate for all federal agencies by June of the 2008 federal fiscal year, which certainly puts this on the radar for quite a lot of folks. Will the IPv6 support in Snort be GPLed and made as a part of the snort.org distribution or can you not comment on that this early? I as well as our customers would be happy to provide extensive testing for you in both 10/100 and multi-gig environments of any upcoming IPv6 experimental releases. Best Regards, Eric Hines, GCIA, CISSP CEO, President Applied Watch Technologies, LLC - --------------------------------------------- Eric Hines, GCIA, CISSP CEO, President Applied Watch Technologies, LLC 1095 Pingree Road Suite 213 Crystal Lake, IL 60014 Toll Free: (877) 262-7593 ext:327 Direct: (847) 854-2725 ext:327 Fax: (847) 854-5106 Web: http://www.appliedwatch.com Email: eric.hines () appliedwatch com - -------------------------------------------- "Enterprise Open Source Security Management" Martin Roesch wrote:
We have the same requirements at Sourcefire and we'll be addressing them in Snort as soon as we can. I think it'd be a bad idea to rewrite everything independent of Sourcefire because we'll be duplicating the work and we're likely to come up with different solutions. The "real answer" to this problem is to restructure Snort's decoder (as I've said before) so that it can gracefully handle layers/ encapsulation in a way that's not a big retrofit over everything we have. That's a big undertaking because to do it we need a new Packet struct. If you grep for "Packet" in Snort's source code you'll see this is a pretty serious refactoring effort. We definitely will be interested in getting feedback and testing from the community on the implementation as it becomes available, this is a big change and we don't make any claims that our in-house testing can be as all encompassing as the the diverse operating environments that all of you have at your fingertips. Anyway, stay tuned and sorry for the delay! -Marty On Feb 2, 2006, at 9:56 AM, Eric Hines wrote: Community: Recently, OMB (Office of Management and Budget) issued a mandate that all federal agencies be IPv6 compliant by 2008. This sparks the question of federal and military organizations who will be going through an IPv6 roll-out as to when Snort will have support for IPv6 addressing. I understand that previous attempts were made to make modifications to the Snort core for support of IPv6 but were abandoned and whether or not they are still being worked on is in question. My understanding is that support of IPv6 will require a rewrite of some, if not all, of Snort's Preprocessors and IPv6 support furthermore, can not be done simply with the use of a Preprocessor, rather modifications to the Snort core itself. Does anyone have any insight in to these efforts or can anyone answer intelligently to this issue. Does anyone know of a project currently being developed or worked on that is working towards this effort? Best Regards, Eric Hines, GCIA, CISSP CEO, President Applied Watch Technologies, LLC --------------------------------------------- Eric Hines, GCIA, CISSP CEO, President Applied Watch Technologies, LLC 1095 Pingree Road Suite 213 Crystal Lake, IL 60014 Toll Free: (877) 262-7593 ext:327 Direct: (847) 854-2725 ext:327 Fax: (847) 854-5106 Web: http://www.appliedwatch.com Email: eric.hines () appliedwatch com -------------------------------------------- "Enterprise Open Source Snort Management"
- ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel? cmd=lnk&kid=103432&bid=230486&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616 Sourcefire - Security for the Real World - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFD4n81bOqF2QHgUK0RAiW0AKDUtouXdkDkJLEGaQKywmwP4kwaNQCfXmaS pXhlL3jQL3SREx4x07D1BHM= =fc1p -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- alerting with snort Hubert Edward kIYIMBA (Jan 31)
- <Possible follow-ups>
- alerting with snort Hubert Edward kIYIMBA (Jan 31)
- Re: alerting with snort Matt Kettler (Jan 31)
- Snort IPv6 Eric Hines (Feb 02)
- Re: Snort IPv6 Martin Roesch (Feb 02)
- Re: Snort IPv6 Eric Hines (Feb 02)
- Re: Snort IPv6 Martin Roesch (Feb 03)