Google and IPv6

Jeroen Massar jeroen at unfix.org
Mon Mar 17 14:38:02 CET 2008


Terry Manderson wrote:
[..]
> 
> Probably a little askew from topic..
> 
> In the past few IETFs and some security related meetings I have run into 
> a few security folk who are rather concerned about 6to4, (proto 41). 
> Their concerns relate to the existence of command and control channels 
> to and from botnets using 6to4 and completely bypassing IDS and firewall 
> packet inspection.
> 
> Has anyone else heard or seen this?

Seen and shut off a couple of times already.

But any real botwriter knows that the best C&C method is HTTP, just use 
http(s) and send some nice GET/POST's over it. Looks like normal traffic 
anyway you want it. Also one could of course do AJAX/JSON stuff in there 
now to make nice formatted data which really looks like normal AJAX 
traffic. Try blocking that...

Greets,
  Jeroen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: OpenPGP digital signature
URL: <https://lists.cluenet.de/pipermail/ipv6-ops/attachments/20080317/0c4522b8/attachment.sig>


More information about the ipv6-ops mailing list