[ipv6hackers] thc-ipv6 v3.0, IPv6 complexity and evasions
Marc Heuse
mh at mh-sec.de
Fri Oct 16 11:43:32 CEST 2015
Hi,
On 16.10.2015 09:58, Andreas Herz wrote:
> On 16/10/15 at 08:47, Marc Heuse wrote:
>> There you also get a list of bypass attacks per IDS product.
>> spoiler alert: surricata is pretty good (but still fails for a few
>> cases), snort is not very good, and tippingpoint seems just to do the
>> basics to get an "IPv6 ready" sticker.
>
> Which rules did you use? Emerging Threats free/commercial? Shipped rules
> (suricata has some)?
for surricata it was all included free rules first, and at a later stage
we redid the tests with all the free snort rules imported into surricata
too.
I can email the config.
>> btw - I did not report these to the respective IDS developers (basically
>> too busy with customer projects and no contacts to the developers).
>> If someone wants to point them to slides and tool, they might be happy.
>
> I could take care of this, since i'm involved in suricata and also
> playing around with ipv6 at my workplace.
> But if you have a little more details to your tests besides the slides
> i would welcome it :)
contact me offlist for detailed questions :)
we dont want to spam this list ...
Greets,
Marc
--
Marc Heuse
Mobil: +49 177 9611560
Fax: +49 30 37309726
www.mh-sec.de
Marc Heuse - IT-Security Consulting
Winsstr. 68
10405 Berlin
Ust.-Ident.-Nr.: DE244222388
PGP: AF3D 1D4C D810 F0BB 977D 3807 C7EE D0A0 6BE9 F573
More information about the Ipv6hackers
mailing list