Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: IPv6 support in IDS/IPS products

from [Palmer, Paul (ISSAtlanta)] Network Security [Permanent Link]
Subject: RE: IPv6 support in IDS/IPS products
Date: Wed, 9 Nov 2005 19:06:27 -0500 
It is enabled by default in the ISS products. There is no performance
hit.

-----Original Message-----
From: Scott Sloan [mailto:swsloan.ml@gmail.com] 
Sent: Monday, November 07, 2005 4:49 PM
To: 'David Williams'; 'Planz'
Cc: 'Mike Barkett'; focus-ids@securityfocus.com
Subject: RE: IPv6 support in IDS/IPS products


What is the performance hit when turning on this feature within NFR and
ISS?

-Scott

-----Original Message-----
From: David Williams [mailto:dwilliamsd@gmail.com] 
Sent: Monday, November 07, 2005 9:51 AM
To: Planz
Cc: Mike Barkett; focus-ids@securityfocus.com
Subject: Re: IPv6 support in IDS/IPS products

I'm a little surprised.  I have only heard back from two vendors that
claim to do full IPv6: NFR & ISS.  I doubt this is an accurate
representation, so I'll try one more time.  Has anybody heard anything
about the other products out there?

thanks,

D


On 11/3/05, Planz <planz2009@gmail.com> wrote:

  As per the below whitepaper, ISS is supporting IPv6 and 
corresponding tunneling to IPv4 and vice versa, but I have seen no 
claims by other verdors as well.

http://documents.iss.net/whitepapers/IPv6.pdf

Besides that, I read an interesting slide on IPv6 Security in the 
following link:

http://www.wareonearth.com/whitepapers/IPv6SecurityIssues.pps



Mike Barkett wrote:


David -

I will pipe up for NFR.  Our Sentivist Smart sensors are natively 
capable

of

"all of the above" at the sensor engine level.  Tunneling, full 
analysis, everything.  And we've been doing it for a couple of years 
now.

I cannot provide a list of vendors who do this, but I will say that I



was told 7 months ago by an IPv6 expert that we were the only IPS 
vendor he

was

aware of who did it "properly".  I don't know if that's 
actually/still

true,

so I'd be very interested in seeing who else chimes in on this 
thread.

Not surprisingly, we find this feature to be very popular in the U.S.



government and overseas, particularly in Asia.  What we try to 
explain to the rest of the world is that even if they don't think 
they are running IPv6, parts of their network may still be at risk of



a tunneled IPv6

attack.


-MAB

--
(nfr)(security)
Michael A Barkett, CISSP
Vice President, Systems Engineering
(www.nfr.com) +1.240.632.9000 Fax: +1.240.747.3512




-----Original Message-----
From: David Williams [mailto:dwilliamsd@gmail.com]
Sent: Sunday, October 30, 2005 9:53 AM
To: focus-ids@securityfocus.com
Subject: IPv6 support in IDS/IPS products

Hi list,

I've read that some IDS/IPS vendors can monitor IPv6, but not 
completely.  For example, they might be able to alert on the 
presence of IPv6 traffic, but they can't actually do full analysis 
because they can't parse the headers correctly.  Especially for 
things like IPv6 tunneled over IPv4, or IPv6 tunneled over IPv6, 
etc.

Does anybody have a list of which vendors support what, and to what 
extent?

thanks,

D






---------------------------------------------------------------------
---
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to 
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.


-----------------------------------------------------------------------

-










------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: RE: IPv6 support in IDS/IPS products, David Williams
Next by Date:  Re: IPv6 support in IDS/IPS products, Jim Bauer
Previous by Thread:  Re: RE: IPv6 support in IDS/IPS products, David Williams
Next by Thread:  BASE 1.2.1 (kris) released (Security Fix included!), Kevin Johnson
Indexes:  [Date] [Thread] [Top] [All Lists]