Google and IPv6

Jeroen Massar jeroen at unfix.org
Mon Mar 17 14:38:02 CET 2008


Terry Manderson wrote:
[..]
> 
> Probably a little askew from topic..
> 
> In the past few IETFs and some security related meetings I have run into 
> a few security folk who are rather concerned about 6to4 (proto 41). 
> Their concerns relate to the existence of command and control channels 
> to and from botnets using 6to4 and completely bypassing IDS and firewall 
> packet inspection.
> 
> Has anyone else heard or seen this?

Seen and shut off a couple of times already.

But any real botwriter knows that the best C&C method is HTTP, just use 
http(s) and send some nice GETs/POSTs over it. Looks like normal traffic 
any way you want it. Also one could of course do AJAX/JSON stuff in there 
now to make nicely formatted data which really looks like normal AJAX 
traffic. Try blocking that...

Greets,
  Jeroen
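
An added example, not part of the original message: a small Python check that a sensor or log pipeline could apply to the concern raised in the quoted question, flagging IPv4 packets that carry protocol 41 and telling 6to4 (2002::/16) apart from other IPv6-in-IPv4 payloads. The function names and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

PROTO_IPV6_IN_IPV4 = 41  # IPv4 protocol number used by 6to4 and other 6in4 tunnels

def classify(packet: bytes):
    """Return a finding dict for an IPv4 packet carrying protocol 41, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                  # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl or packet[9] != PROTO_IPV6_IN_IPV4:
        return None
    outer_src = ipaddress.IPv4Address(packet[12:16])
    finding = {"outer_src": str(outer_src),
               "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
               "kind": "proto41-truncated"}
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:      # need a full IPv6 fixed header
        return finding
    src = ipaddress.IPv6Address(inner[8:24])
    dst = ipaddress.IPv6Address(inner[24:40])
    # .sixtofour yields the IPv4 address embedded in a 2002::/16 address, else None
    is_6to4 = src.sixtofour is not None or dst.sixtofour is not None
    finding.update(kind="6to4" if is_6to4 else "other-6in4",
                   inner_src=str(src), inner_dst=str(dst),
                   # a 6to4 source should embed the outer IPv4 source address
                   src_consistent=src.sixtofour in (None, outer_src))
    return finding

def ipv4(src, dst, proto, payload=b""):
    """Build a constructed IPv4 packet (checksum left at 0) for the demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def ipv6(src, dst):
    """Build a constructed 40-byte IPv6 fixed header (next header 59 = none)."""
    return struct.pack("!IHBB16s16s", 6 << 28, 0, 59, 64,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed)

# Constructed sample traffic using documentation address ranges
SAMPLES = [
    ipv4("192.0.2.4", "198.51.100.7", 41, ipv6("2002:c000:204::1", "2001:db8::1")),
    ipv4("192.0.2.4", "198.51.100.7", 41, ipv6("2001:db8::5", "2001:db8::1")),
    ipv4("192.0.2.4", "198.51.100.7", 6),          # plain TCP, not flagged
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(classify(pkt))
```

This only covers the protocol 41 case; it does not inspect what the tunnelled IPv6 payload carries.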
