[Snort-users] Snort doubt

Dirk Geschke dirk at ...10648...
Tue Dec 13 11:12:01 EST 2005


Hi Caceres,

> What the Snort's state of art about IPv6 support?
> Can Snort identify IPv6 attacks attempts in the network?

not yet... A long time ago Marty released a beta (or alpha) 
version of snort supporting IPv6. But it was more a framework
than an usable system.

The actual version of snort is only IPv4 capable, IPv6 packets
are only counted.

> I searched in the Snort.org page and I discovered that IPv6 appears in Snort
> Static's. I find to, that exists at least 3 rules for IPv6 (ICMP IPV6
> I-Am-Here, ICMP IPV6 I-Am-Here undefined code, ICMP IPV6 Where-Are-You, ICMP
> IPV6 Where-Are-You undefined code) intrusion detection.

This are IPv4 ICMP messages regarding to an original IPv6 packet. So
this works for snort...

Best regards

Dirk




More information about the Snort-users mailing list