[ Home | Liste | F.A.Q. | Risorse | Cerca... ]

[ Data: precedente | successivo | indice ] [ Argomento: precedente | successivo | indice ]

Archivio: Dicembre 2002 ml@sikurezza.org
Soggetto: FW: EXPERIMENTAL IPv6 decoder available in Snort
Mittente: marco misitano
Data: 23 Dec 2002 18:55:53 -0000
Saró fissato con l' IPv6 ?

-----Original Message-----
From: Martin Roesch [mailto:roesch@sourcefire.com] 
Sent: Saturday, 21 December, 2002 02:45 AM
To: focus-ids@securityfocus.com
Subject: EXPERIMENTAL IPv6 decoder available in Snort

Hi everyone,
     Following up Lance's message regarding the usage of IPv6 tunneling
on a honeynet, I'd like to announce the availability of an
*experimental* version of Snort with an IPv6 decoder.  This decoder is
implemented to test Snort's capability to analyze IPv6 and IPv6 tunneled
over IPv4.  Currently it consists of a decoder and printing module only,
so if you want to test it and see the v6 output, just run 'snort -dv'.

If people would like to test the code out and see if it's working
properly, it can be downloaded and tested at:


This code currently doesn't have any components integrated into the
detection engine, so you can't tell Snort to look at IPv6 addresses or
header fields using the rules language yet.  It is capable of looking
for standard embedded protocol headers and payloads in IPv6 tunneled
over IPv4.

If people would like to test this code out, I'm primarily interested in
seeing if the code is stable and capable of decoding all v6 traffic
without any memory leaks or crashes.  Unfortunately, my ability to
generate v6 traffic for testing purposes is extremely limited right now,
so I'm depending on people with access to the right kind of networks to
help out!

Once I'm happy with the decoder, I'll integrate IPv6 support into the
detection engine!


Martin Roesch - Founder/CTO Sourcefire Inc. - (410) 290-1616
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch@sourcefire.com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org

http://www.sikurezza.org - Italian Security Mailing List

[ Home | Liste | F.A.Q. | Risorse | Cerca... ]

www.sikurezza.org - Italian Security Mailing List
(c) 1999-2005