[ipv6hackers] thc-ipv6 v3.0, IPv6 complexity and evasions

Marc Heuse mh at mh-sec.de
Fri Oct 16 11:43:32 CEST 2015


On 16.10.2015 09:58, Andreas Herz wrote:
> On 16/10/15 at 08:47, Marc Heuse wrote:
>> There you also get a list of bypass attacks per IDS product.
>> spoiler alert: surricata is pretty good (but still fails for a few
>> cases), snort is not very good, and tippingpoint seems just to do the
>> basics to get an "IPv6 ready" sticker.
> Which rules did you use? Emerging Threats free/commercial? Shipped rules
> (suricata has some)?

for surricata it was all included free rules first, and at a later stage
we redid the tests with all the free snort rules imported into surricata
I can email the config.

>> btw - I did not report these to the respective IDS developers (basically
>> too busy with customer projects and no contacts to the developers).
>> If someone wants to point them to slides and tool, they might be happy.
> I could take care of this, since i'm involved in suricata and also
> playing around with ipv6 at my workplace. 
> But if you have a little more details to your tests besides the slides
> i would welcome it :)

contact me offlist for detailed questions :)
we dont want to spam this list ...


Marc Heuse
Mobil: +49 177 9611560
Fax: +49 30 37309726

Marc Heuse - IT-Security Consulting
Winsstr. 68
10405 Berlin

Ust.-Ident.-Nr.: DE244222388
PGP: AF3D 1D4C D810 F0BB 977D  3807 C7EE D0A0 6BE9 F573

More information about the Ipv6hackers mailing list