Re: [Snort-users] Snort IPv6
This is a discussion on Re: [Snort-users] Snort IPv6 within the Snort forums, part of the System Security and Security Related category; We have the same requirements at Sourcefire and we'll be addressing them in Snort as soon as we can. ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-02-2006
|
|||
|
|||
Re: [Snort-users] Snort IPv6
We have the same requirements at Sourcefire and we'll be addressing
them in Snort as soon as we can. I think it'd be a bad idea to rewrite everything independent of Sourcefire because we'll be duplicating the work and we're likely to come up with different solutions. The "real answer" to this problem is to restructure Snort's decoder (as I've said before) so that it can gracefully handle layers/ encapsulation in a way that's not a big retrofit over everything we have. That's a big undertaking because to do it we need a new Packet struct. If you grep for "Packet" in Snort's source code you'll see this is a pretty serious refactoring effort. We definitely will be interested in getting feedback and testing from the community on the implementation as it becomes available, this is a big change and we don't make any claims that our in-house testing can be as all encompassing as the the diverse operating environments that all of you have at your fingertips. Anyway, stay tuned and sorry for the delay! -Marty On Feb 2, 2006, at 9:56 AM, Eric Hines wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Community: > > Recently, OMB (Office of Management and Budget) issued a mandate that > all federal agencies be IPv6 compliant by 2008. This sparks the > question > of federal and military organizations who will be going through an > IPv6 > roll-out as to when Snort will have support for IPv6 addressing. > > I understand that previous attempts were made to make modifications to > the Snort core for support of IPv6 but were abandoned and whether > or not > they are still being worked on is in question. > > My understanding is that support of IPv6 will require a rewrite of > some, > if not all, of Snort's Preprocessors and IPv6 support furthermore, can > not be done simply with the use of a Preprocessor, rather > modifications > to the Snort core itself. > > Does anyone have any insight in to these efforts or can anyone answer > intelligently to this issue. Does anyone know of a project currently > being developed or worked on that is working towards this effort? > > > > Best Regards, > > Eric Hines, GCIA, CISSP > CEO, President > Applied Watch Technologies, LLC > > > - --------------------------------------------- > > Eric Hines, GCIA, CISSP > CEO, President > Applied Watch Technologies, LLC > 1095 Pingree Road > Suite 213 > Crystal Lake, IL 60014 > Toll Free: (877) 262-7593 ext:327 > Direct: (847) 854-2725 ext:327 > Fax: (847) 854-5106 > Web: http://www.appliedwatch.com > Email: eric.hines@appliedwatch.com > > - -------------------------------------------- > > "Enterprise Open Source Snort Management" > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org > > iD8DBQFD4h27bOqF2QHgUK0RAr0uAJ0QU5JgA/lGsjqAuxn39CjhzDcOCACg11Rf > 78Flj534c780OyDtVbNHK/4= > =CZg6 > -----END PGP SIGNATURE----- > > > ------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. Do you grep through > log files > for problems? Stop! Download the new AJAX search engine that makes > searching your log files as easy as surfing the web. DOWNLOAD > SPLUNK! > http://sel.as-us.falkag.net/sel? > cmd=lnk&kid=103432&bid=230486&dat=121642 > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...st=snort-users > -- Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616 Sourcefire - Security for the Real World - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=...486&dat=121642 _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
