Development of a Snort IPv6 Plugin - Detection of Attacks on the Neighbor Discovery Protocol
Martin Schütte, Thomas Scheffler, Bettina Schnor
2012
Abstract
This paper describes the implementation and use of a preprocessor module for the open source Intrusion Detection System Snort. Our implementation utilizes preprocessor APIs for the extension of Snort and provides several new IPv6-specific rule options that make the definition of IPv6-specific attack signatures possible. The preprocessor detects attacks against the IPv6 Neighbor Discovery Protocol and can identify suspicious activity in local IPv6 networks. This includes misconfigured network elements, as well as malicious activities from attackers on the network. To our knowledge this is the first such implementation in an Open Source IDS.
DownloadPaper Citation
in Harvard Style
Schütte M., Scheffler T. and Schnor B. (2012). Development of a Snort IPv6 Plugin - Detection of Attacks on the Neighbor Discovery Protocol . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 399-402. DOI: 10.5220/0004073303990402
in Bibtex Style
@conference{secrypt12,
author={Martin Schütte and Thomas Scheffler and Bettina Schnor},
title={Development of a Snort IPv6 Plugin - Detection of Attacks on the Neighbor Discovery Protocol},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={399-402},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004073303990402},
isbn={978-989-8565-24-2},
}
in EndNote Style
TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - Development of a Snort IPv6 Plugin - Detection of Attacks on the Neighbor Discovery Protocol
SN - 978-989-8565-24-2
AU - Schütte M.
AU - Scheffler T.
AU - Schnor B.
PY - 2012
SP - 399
EP - 402
DO - 10.5220/0004073303990402