Hackers beat us to IPv6 Early Adopters. ;)

- kalyan


>Subject: IPv6
>Date: Tue, 17 Dec 2002 20:34:33 -0600 (CST)
>From: Lance Spitzner <lance@...>
>
>Recently one of the Honeynet Project's Solaris Honeynets was compromised.
>What made this attack unique was after breaking into the system, the
>attackers enabled IPv6 tunneling on the system, with communications being
>forwarded to another country. The attack and communications were captured
>using Snort, however the data could not be decoded due to the IPv6
>tunneling. Also, once tunneled, this could potentialy disable/bypass the
>capabilities of some IDS systems.
>
>Marty is addressing this issue and has added IPv6 decode support to
>Snort. Its not part of Snort current (2.0) yet, its still in the
>process of testing. If you would like to test this new capability,
>you can find it online at
>
> http://www.snort.org/~roesch/
>
>Marty's looking for feedback. As IPv6 usage spreads, especially in
>Asia, you will want to be prepared for it. Keep in mind, even in
>IPv4 environments (as was our Solaris Honeynet) attackers can
>encode their data in IPv6 and then tunnel it through IPv4. We will
>most likely being seeing more of this type of behavior.
>
>Just a friendly heads-up :)
>
>--
>Lance Spitzner
>http://www.tracking-hackers.com