Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: IPv6 support in IDS/IPS products

from [Palmer, Paul (ISSAtlanta)] Network Security [Permanent Link]
Subject: RE: IPv6 support in IDS/IPS products
Date: Thu, 3 Nov 2005 14:53:12 -0500 
I do not know anyone who has prepared a list of which IDS/IPS products
support IPv6 and to what extent. It sounds like a golden opportunity for
NSS to expand on their already world-class testing process and reports
;)

The vendors that support it will likely take this opportunity to chime
in. For our part, ISS supports IPv6. We recognize, report, and protect
against attacks within IPv6 itself as well as fully decode the protocol
to support all the different tunneling modes we have been able to
discover: Native 6, 6 in 6, 6 in 4, 4 in 6, 6 over UDP (Teredo), 6 over
GRE, 6 in GTP, 6 in 4 in GTP, 6 in 4 over GRE, etc. Any of our
algorithms that trigger on traffic transmitted over IPv4 would also
trigger if the traffic were transmitted over IPv6 or any of the various
tunnel configurations.

Paul

-----Original Message-----
From: David Williams [mailto:dwilliamsd@gmail.com] 
Sent: Sunday, October 30, 2005 9:53 AM
To: focus-ids@securityfocus.com
Subject: IPv6 support in IDS/IPS products


Hi list,

I've read that some IDS/IPS vendors can monitor IPv6, but not
completely.  For example, they might be able to alert on the presence of
IPv6 traffic, but they can't actually do full analysis because they
can't parse the headers correctly.  Especially for things like IPv6
tunneled over IPv4, or IPv6 tunneled over IPv6, etc.

Does anybody have a list of which vendors support what, and to what
extent?

thanks,

D

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Intrusion Prevention requirements document, Arun Vishwanathan
Next by Date:  RE: RPC Evasion techniques, Palmer, Paul (ISSAtlanta)
Previous by Thread:  Re: IPv6 support in IDS/IPS products, Mike Frantzen
Next by Thread:  Re: RE: IPv6 support in IDS/IPS products, barcajax
Indexes:  [Date] [Thread] [Top] [All Lists]