Re: [Snort-users] Snort IPv6
This is a discussion on Re: [Snort-users] Snort IPv6 within the Snort forums, part of the System Security and Security Related category; -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Martin, Approbation to the Sourcefire team for keeping this issue on your radar. ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-02-2006
|
|||
|
|||
Re: [Snort-users] Snort IPv6
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Hi Martin, Approbation to the Sourcefire team for keeping this issue on your radar. I googled and saw your posting back in 2002 for an initial experimental release you made of Snort IPv6 support but never saw anything after that. I should preface this email with the fact that the OMB has made this a mandate for all federal agencies by June of the 2008 federal fiscal year, which certainly puts this on the radar for quite a lot of folks. Will the IPv6 support in Snort be GPLed and made as a part of the snort.org distribution or can you not comment on that this early? I as well as our customers would be happy to provide extensive testing for you in both 10/100 and multi-gig environments of any upcoming IPv6 experimental releases. Best Regards, Eric Hines, GCIA, CISSP CEO, President Applied Watch Technologies, LLC - --------------------------------------------- Eric Hines, GCIA, CISSP CEO, President Applied Watch Technologies, LLC 1095 Pingree Road Suite 213 Crystal Lake, IL 60014 Toll Free: (877) 262-7593 ext:327 Direct: (847) 854-2725 ext:327 Fax: (847) 854-5106 Web: http://www.appliedwatch.com Email: eric.hines@appliedwatch.com - -------------------------------------------- "Enterprise Open Source Security Management" Martin Roesch wrote: > We have the same requirements at Sourcefire and we'll be addressing > them in Snort as soon as we can. I think it'd be a bad idea to rewrite > everything independent of Sourcefire because we'll be duplicating the > work and we're likely to come up with different solutions. > > The "real answer" to this problem is to restructure Snort's decoder (as > I've said before) so that it can gracefully handle layers/ encapsulation > in a way that's not a big retrofit over everything we have. That's a > big undertaking because to do it we need a new Packet struct. If you > grep for "Packet" in Snort's source code you'll see this is a pretty > serious refactoring effort. > > We definitely will be interested in getting feedback and testing from > the community on the implementation as it becomes available, this is a > big change and we don't make any claims that our in-house testing can > be as all encompassing as the the diverse operating environments that > all of you have at your fingertips. > > Anyway, stay tuned and sorry for the delay! > > -Marty > > On Feb 2, 2006, at 9:56 AM, Eric Hines wrote: > > Community: > > Recently, OMB (Office of Management and Budget) issued a mandate that > all federal agencies be IPv6 compliant by 2008. This sparks the question > of federal and military organizations who will be going through an IPv6 > roll-out as to when Snort will have support for IPv6 addressing. > > I understand that previous attempts were made to make modifications to > the Snort core for support of IPv6 but were abandoned and whether or not > they are still being worked on is in question. > > My understanding is that support of IPv6 will require a rewrite of some, > if not all, of Snort's Preprocessors and IPv6 support furthermore, can > not be done simply with the use of a Preprocessor, rather modifications > to the Snort core itself. > > Does anyone have any insight in to these efforts or can anyone answer > intelligently to this issue. Does anyone know of a project currently > being developed or worked on that is working towards this effort? > > > > Best Regards, > > Eric Hines, GCIA, CISSP > CEO, President > Applied Watch Technologies, LLC > > > --------------------------------------------- > > Eric Hines, GCIA, CISSP > CEO, President > Applied Watch Technologies, LLC > 1095 Pingree Road > Suite 213 > Crystal Lake, IL 60014 > Toll Free: (877) 262-7593 ext:327 > Direct: (847) 854-2725 ext:327 > Fax: (847) 854-5106 > Web: http://www.appliedwatch.com > Email: eric.hines@appliedwatch.com > > -------------------------------------------- > > "Enterprise Open Source Snort Management" >> >> - ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel? cmd=lnk&kid=103432&bid=230486&dat=121642 _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users >> > -- > Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616 > Sourcefire - Security for the Real World - http://www.sourcefire.com > Snort: Open Source Network IDS - http://www.snort.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFD4n81bOqF2QHgUK0RAiW0AKDUtouXdkDkJLEGaQKywm wP4kwaNQCfXmaS pXhlL3jQL3SREx4x07D1BHM= =fc1p -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=...486&dat=121642 _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
