[Snort-users] Snort IPv6

Eric Hines eric.hines at ...8860...
Thu Feb 2 13:52:08 EST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Martin,

Approbation to the Sourcefire team for keeping this issue on your radar.
I googled and saw your posting back in 2002 for an initial experimental
release you made of Snort IPv6 support but never saw anything after
that. I should preface this email with the fact that the OMB has made
this a mandate for all federal agencies by June of the 2008 federal
fiscal year, which certainly puts this on the radar for quite a lot of
folks.

Will the IPv6 support in Snort be GPLed and made as a part of the
snort.org distribution or can you not comment on that this early?

I as well as our customers would be happy to provide extensive testing
for you in both 10/100 and multi-gig environments of any upcoming IPv6
experimental releases.





Best Regards,

Eric Hines, GCIA, CISSP
CEO, President
Applied Watch Technologies, LLC


- ---------------------------------------------

Eric Hines, GCIA, CISSP
CEO, President
Applied Watch Technologies, LLC
1095 Pingree Road
Suite 213
Crystal Lake, IL 60014
Toll Free: (877) 262-7593 ext:327
Direct: (847) 854-2725 ext:327
Fax: (847) 854-5106
Web: http://www.appliedwatch.com
Email: eric.hines at ...8860...

- --------------------------------------------

"Enterprise Open Source Security Management"


Martin Roesch wrote:
> We have the same requirements at Sourcefire and we'll be addressing 
> them in Snort as soon as we can.  I think it'd be a bad idea to  rewrite
> everything independent of Sourcefire because we'll be  duplicating the
> work and we're likely to come up with different  solutions.
> 
> The "real answer" to this problem is to restructure Snort's decoder  (as
> I've said before) so that it can gracefully handle layers/ encapsulation
> in a way that's not a big retrofit over everything we  have.  That's a
> big undertaking because to do it we need a new Packet  struct.  If you
> grep for "Packet" in Snort's source code you'll see  this is a pretty
> serious refactoring effort.
> 
> We definitely will be interested in getting feedback and testing from 
> the community on the implementation as it becomes available, this is  a
> big change and we don't make any claims that our in-house testing  can
> be as all encompassing as the the diverse operating environments  that
> all of you have at your fingertips.
> 
> Anyway, stay tuned and sorry for the delay!
> 
>     -Marty
> 
> On Feb 2, 2006, at 9:56 AM, Eric Hines wrote:
> 
> Community:
> 
> Recently, OMB (Office of Management and Budget) issued a mandate that
> all federal agencies be IPv6 compliant by 2008. This sparks the  question
> of federal and military organizations who will be going through an  IPv6
> roll-out as to when Snort will have support for IPv6 addressing.
> 
> I understand that previous attempts were made to make modifications to
> the Snort core for support of IPv6 but were abandoned and whether  or not
> they are still being worked on is in question.
> 
> My understanding is that support of IPv6 will require a rewrite of  some,
> if not all, of Snort's Preprocessors and IPv6 support furthermore, can
> not be done simply with the use of a Preprocessor, rather  modifications
> to the Snort core itself.
> 
> Does anyone have any insight in to these efforts or can anyone answer
> intelligently to this issue. Does anyone know of a project currently
> being developed or worked on that is working towards this effort?
> 
> 
> 
> Best Regards,
> 
> Eric Hines, GCIA, CISSP
> CEO, President
> Applied Watch Technologies, LLC
> 
> 
> ---------------------------------------------
> 
> Eric Hines, GCIA, CISSP
> CEO, President
> Applied Watch Technologies, LLC
> 1095 Pingree Road
> Suite 213
> Crystal Lake, IL 60014
> Toll Free: (877) 262-7593 ext:327
> Direct: (847) 854-2725 ext:327
> Fax: (847) 854-5106
> Web: http://www.appliedwatch.com
> Email: eric.hines at ...8860...
> 
> --------------------------------------------
> 
> "Enterprise Open Source Snort Management"
>>
>>
- -------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through
log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD  SPLUNK!
http://sel.as-us.falkag.net/sel? cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>

> -- 
> Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
> Sourcefire - Security for the Real World - http://www.sourcefire.com
> Snort: Open Source Network IDS - http://www.snort.org




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFD4n81bOqF2QHgUK0RAiW0AKDUtouXdkDkJLEGaQKywmwP4kwaNQCfXmaS
pXhlL3jQL3SREx4x07D1BHM=
=fc1p
-----END PGP SIGNATURE-----




More information about the Snort-users mailing list