[ipv6hackers] IDS/IPS state of the art

Marksteiner, Stefan stefan.marksteiner at joanneum.at
Thu Jul 18 17:31:03 CEST 2013


Hi Omar,

As Antonios said, the analysis of IPv6 is not yet effective. Additionally, the market is also not yet big and therefore not so attractive. This leads not only to technical issues which can be used to circumvent IDS devices (as stated in Antonios' presentations) but also to a lack of signatures and other measures to detect IPv6 attacks even without evasive methods. Many vendors are plainly still not able to detect basic and well-known IPv6 attack patterns.

Cheers,

Stefan

> -----Original Message-----
> From: ipv6hackers-bounces at lists.si6networks.com [mailto:ipv6hackers-bounces at lists.si6networks.com] On Behalf Of Antonios Atlasis
> Sent: Wednesday, 17 July 2013 18:35
> To: IPv6 Hackers Mailing List
> Subject: Re: [ipv6hackers] IDS/IPS state of the art
> 
> Hi Omar,
> 
> you can find some comments as well as comparative results in the following
> two prestos:
> https://www.troopers.de/wp-content/uploads/2013/01/TROOPERS13-IPv6_Extension_Headers_New_Features_and_New_Attack_Vectors-Antonios_Atlasis.pdf
> 
> https://www.troopers.de/wp-content/uploads/2013/01/TROOPERS13-Fragmentation_Overlapping_Attacks_Against_IPv6_One_Year_Later-Antonios_Atlasis.pdf
> 
> IMHO the main issue is the examination/analysis of the new IPv6 features,
> which seems not to be that effective yet.
> 
> Antonios
> 
> 
> 2013/7/16 ZAMANI Omar <Omar.ZAMANI at solucom.fr>
> 
> > Good morning/evening everyone!
> >
> > I'm curious about the maturity level of network prevention and
> > detection systems as regards IPv6.
> >
> > * Do they provide the same level of functionality and tuning as
> > they do in IPv4?
> >
> > * Are they able to analyze IPv6 traffic effectively regardless
> > of its profile (tunneled, fragmented, w/o extension headers etc.)?
> >
> > Thank you for your replies!
> >
> > Omar ZAMANI
> >
> > _______________________________________________
> > Ipv6hackers mailing list
> > Ipv6hackers at lists.si6networks.com
> > http://lists.si6networks.com/listinfo/ipv6hackers
> >
> 
> 
> 
> --
> =====================
> Antonios Atlasis, PhD, MPhil
> GXPN, GREM, GPEN, GWAPT, CCIH, GCIA
