IPv6 Snort Plugin

As part of my diploma thesis I wrote an IPv6 Plugin for Snort, which includes a preprocessor for neighbor discovery messages and several rule options to evaluate IPv6 specific protocol fields.

The project is described in my diploma thesis De­sign and Im­ple­men­ta­ti­on of an IPv6 Plu­gin for the Snort In­tru­si­on De­tec­tion Sys­tem. The code itself is now available a) on the new Snort IPv6 Plugin project site and b) on GitHub (+2nd project for my small test framework).

Update 2014: Big Thanks to Stefan Schuhmacher who cleaned up my old LaTeX-Code and published an edited version in the Magdeburger Journal zur Sicherheitsforschung (pdf). Also big Thanks to the ENBW for inviting me to give a presentation at the Troopers 2014 IPv6 Security Summit; as well as the DeepSec team to invite me to DeepSec 2014 (including the opportunity to publish my article in their proceedings).