Re: traffic normalizer for ipfw?

From: Dorin H (bj93542_at_yahoo.com)
Date: 02/20/04

  • Next message: Kurt Seifried: "Re: traffic normalizer for ipfw?" 
    Date: Thu, 19 Feb 2004 16:30:52 -0800 (PST)
To: Darren Reed <avalon@caligula.anu.edu.au>

    --- Darren Reed <avalon@caligula.anu.edu.au> wrote:
    > In some mail from Bruce M Simpson, sie said:
    > >
    > > On Thu, Feb 19, 2004 at 01:02:16PM -0800, Dorin H
    > wrote:
    > > > Is there some way to configure ipfw to do
    > traffic normalizing ("scrubbing", as in ipf for
    <snip>
    > You mean pf, not ipf..

    Right.

    >
    > normalizing is over rated as a firewall feature -
    > it's really
    > something that belongs in IDS software.
    >
    <snip>
    > Darren

    True, it's part of IDS. Nevertheless, do you think
    that traffic normalizing is useful?
    If yes, where would you have it (you need an inline
    device for it; move the IDS inline and becomes IPS,
    which, IMHO, is indeed something over rated:)?
    If not, do you know better ways to handle IDS evasions
    (other than network active mapping, which takes both
    time & resources and could be useful for small
    networks only probably)?
    TIA,
    /Dorin.

    __________________________________
    Do you Yahoo!?
    Yahoo! Mail SpamGuard - Read only the mail you want.
    http://antispam.yahoo.com/tools
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

  • Next message: Kurt Seifried: "Re: traffic normalizer for ipfw?"

    Relevant Pages