AW: Bro IPv6

Scheffler, Thomas Thomas.Scheffler at t-systems.com
Tue Jul 20 02:01:49 PDT 2004


Hi Vern,

I am currently looking for an IDS which has 'full' IPv6 support.

IPv6 is growing (althrough sometimes silently) and the worst scenario
would be that it gets the stigma that its the protocol of choice for
malicious wrongdoing since it has become the backdoor into your network.

If we are going to offer customers dual stack IPv4/IPv6 access and there
is no adequate support from the security tools that he/she normally uses
this can easily happen without even noticing, since we lack the tools to
look for this sort of activity.

I have compiled it with the IPv6 option.
How do I tell that IPv6 is working in Bro at all?
I don't see any events for IPv6 generated.

Regards,
Thomas

> -----Ursprungliche Nachricht-----
> Von: Vern Paxson [mailto:vern at icir.org]
> Gesendet: Samstag, 17. Juli 2004 01:25
> An: Scheffler, Thomas
> Betreff: Re: Bro IPv6
> 
> 
> > What is the status of IPv6 support in Bro?
> 
> Bro supports IPv6 headers/addresses if configured using 
> --enable-brov6.
> (It doesn't have any support for IPv6 options or ICMPs.)  There's some
> bitrot in the code, though (it was developed quite a while ago, and we
> don't yet use it operationally), so it needs updating.  This probably
> won't happen for a while, as it's not currently a priority for us.
> 
> 		Vern
> 



More information about the Bro mailing list