[Dshield] IPv6 support?

Johannes B. Ullrich jullrich at sans.org
Tue Apr 18 18:39:56 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Valdis.Kletnieks at vt.edu wrote:
> Now that the Linux 2.6.16 kernel has connection tracking for IPv6, using the
> ip6tables stuff to build more-sane IPv6 firewalls is doable.
> 
> Anybody looked at adding the support for IPv6 to the DShield code? :)

IPv6 will require a very different data structure then IPv4 to do it
right. Its more difficult then just expanding the address size (and even
thats not that easy).

One big problem is that I don't really have any good sample data to show
what regular vs. abnormal IPv6 traffic looks like in iptables. Does
anybody have such samples? Maybe there is a simple "first cut" I could
do. But at this point: who would submit data?



> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _________________________________________
> Learn about Intrusion Detection in Depth from the comfort of your own couch:
> https://www.sans.org/athome/details.php?id=1341&d=1
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list


- --

- -------------------
Johannes B. Ullrich, Ph.D
Chief Research Officer
SANS Institute
http://isc.sans.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFERTJ7PNuXYcm/v/0RA86xAJ4pUeMHIJFFuLuthDThXLV3M1alvwCeP7b2
Owol6hkp7qt0Fiscq9ddHc0=
=YfX9
-----END PGP SIGNATURE-----


More information about the list mailing list