What is the performance hit when turning on this feature within NFR and ISS?
-Scott -----Original Message----- From: David Williams [mailto:[EMAIL PROTECTED] Sent: Monday, November 07, 2005 9:51 AM To: Planz Cc: Mike Barkett; [email protected] Subject: Re: IPv6 support in IDS/IPS products I'm a little surprised. I have only heard back from two vendors that claim to do full IPv6: NFR & ISS. I doubt this is an accurate representation, so I'll try one more time. Has anybody heard anything about the other products out there? thanks, D On 11/3/05, Planz <[EMAIL PROTECTED]> wrote: > As per the below whitepaper, ISS is supporting IPv6 and corresponding > tunneling to IPv4 and vice versa, but I have seen no claims by other > verdors as well. > > http://documents.iss.net/whitepapers/IPv6.pdf > > Besides that, I read an interesting slide on IPv6 Security in the > following link: > > http://www.wareonearth.com/whitepapers/IPv6SecurityIssues.pps > > > > Mike Barkett wrote: > > >David - > > > >I will pipe up for NFR. Our Sentivist Smart sensors are natively capable of > >"all of the above" at the sensor engine level. Tunneling, full analysis, > >everything. And we've been doing it for a couple of years now. > > > >I cannot provide a list of vendors who do this, but I will say that I was > >told 7 months ago by an IPv6 expert that we were the only IPS vendor he was > >aware of who did it "properly". I don't know if that's actually/still true, > >so I'd be very interested in seeing who else chimes in on this thread. > > > >Not surprisingly, we find this feature to be very popular in the U.S. > >government and overseas, particularly in Asia. What we try to explain to > >the rest of the world is that even if they don't think they are running > >IPv6, parts of their network may still be at risk of a tunneled IPv6 attack. > > > >-MAB > > > >-- > >(nfr)(security) > >Michael A Barkett, CISSP > >Vice President, Systems Engineering > >(www.nfr.com) +1.240.632.9000 Fax: +1.240.747.3512 > > > > > > > >>-----Original Message----- > >>From: David Williams [mailto:[EMAIL PROTECTED] > >>Sent: Sunday, October 30, 2005 9:53 AM > >>To: [email protected] > >>Subject: IPv6 support in IDS/IPS products > >> > >>Hi list, > >> > >>I've read that some IDS/IPS vendors can monitor IPv6, but not > >>completely. For example, they might be able to alert on the > >>presence of IPv6 traffic, but they can't actually do full analysis > >>because they can't parse the headers correctly. Especially for > >>things like IPv6 tunneled over IPv4, or IPv6 tunneled over IPv6, etc. > >> > >>Does anybody have a list of which vendors support what, and to what > >>extent? > >> > >>thanks, > >> > >>D > >> > >> > >> > > > > > >------------------------------------------------------------------------ > >Test Your IDS > > > >Is your IDS deployed correctly? > >Find out quickly and easily by testing it > >with real-world attacks from CORE IMPACT. > >Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 > >to learn more. > >------------------------------------------------------------------------ > > > > > > > > > > ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
