[Snort-users] Snort IPv6 howto/rules

Stephen Reese rsreese at ...11827...
Mon Apr 13 20:02:45 EDT 2009


Are there any IPv6 Snort rule sets available or do they need to be
written from scratch? I've compiled Snort 2.8.4 with IPv6 support but
realized I don't a clue in regards to the configuration that's needed
to look at the IPv6 traffic. TCPDUMP on the sensor interface sees IPv6
related traffic.

Should I specify another var for the IPv6 scheme:

var HOME_NET [x.x.x.0/24,x.x.x..0/24]

IPv6 tunnel over IPv4 | Router with IPv6 address | Snort sensor |
Network with functioning IPv6 hosts

Thanks




More information about the Snort-users mailing list