Design and Implementation of an IPv6 Plugin for the Snort Intrusion Detection System

Dec 26, 2013 · 2 min read · snort ids IPv6 intrusion-detection ·

Design and Implementation of an IPv6 Plugin for the Snort Intrusion Detection System

Martin Schütte

published in Magdeburger Journal zur Sicherheitsforschung (2013, #6, p. 409-452)

Info

This work describes the implementation and use of a preprocessor module for the popular open source Intrusion Detection System Snort that detects attacks against the IPv6 Neighbor Discovery Protocol. The implementation utilizes the existing preprocessor APIs for the extension of Snort and provides several new IPv6-specific rule options that can be used to define IPv6 related attack signatures. The developed module is aimed at the detection of suspicious activity in local IPv6 networks and can detect misconfigured network elements, as well as malicious activities from attackers on the network. The plugin's source code is available at https://github.com/mschuett/spp_ipv6

Downloads

Download: https://d-nb.info/1046059807/34
Mirror at Codeberg: https://codeberg.org/0xKaishakunin/Publikationen/src/branch/main/MagdeburgerJournalSicherheitsforschung/MJS-028-Schuette-SnortIPv6.pdf

BibTeX-Entry für mjs:Schuette:SnortIPv6

 1@article{mjs:Schuette:SnortIPv6,
 2  author = {Martin Schütte},
 3  title = {Design and Implementation of an IPv6 Plugin for the Snort Intrusion Detection System},
 4  pages = {409-452},
 5  year = {2013},
 6  journaltitle = {Magdeburger Journal zur Sicherheitsforschung},
 7  issn = {2192-4260},
 8  url = {https://d-nb.info/1046059807/34},
 9  codeberg = {https://codeberg.org/0xKaishakunin/Publikationen/src/branch/main/MagdeburgerJournalSicherheitsforschung/MJS-028-Schuette-SnortIPv6.pdf},
10  issue = {2},
11  volume = {6},
12  urldate = {2013-12-26},
13  keywords = {ds15,mjsarticle,snort,ids,IPv6,intrusion detection},
14  abstract = {This work describes the implementation and use of a preprocessor module for the popular open source Intrusion Detection System Snort that detects attacks against the IPv6 Neighbor Discovery Protocol. The implementation utilizes the existing preprocessor APIs for the extension of Snort and provides several new IPv6-specific rule options that can be used to define IPv6 related attack signatures. The developed module is aimed at the detection of suspicious activity in local IPv6 networks and can detect misconfigured network elements, as well as malicious activities from attackers on the network. The plugin\'s source code is available at https://github.com/mschuett/spp_ipv6},
15}

AsciiDoc citation commands

1. citenp:[mjs:Schuette:SnortIPv6]
2. cite:[mjs:Schuette:SnortIPv6]
3. bibitem[mjs:Schuette:SnortIPv6]

LaTeX citation commands

1. \textcite{mjs:Schuette:SnortIPv6}
2. \parencite{mjs:Schuette:SnortIPv6}
3. \cite{mjs:Schuette:SnortIPv6}

generated at Mon May 12 10:48:34 2025