Re: traffic normalizer for ipfw?

From: Darren Reed (avalon_at_caligula.anu.edu.au)
Date: 02/20/04

  • Next message: Darren Reed: "Re: traffic normalizer for ipfw?" 
    To: listuser@seifried.org
Date: Fri, 20 Feb 2004 20:10:17 +1100 (Australia/ACT)

    In some mail from Kurt Seifried, sie said:
    >
    > It's not like you HAVE to use it. It's an option, you can use it, or not. As
    > far as the symantic arguments of firewalls/IDS/IPS/etc (technically I'd say
    > scrub is more an IPS style feature then IDS since it actively manipulates
    > the data to make it less "dangerous") please let's not go there, it's
    > pointless.

    Cripes, and you claim to be a publisher of security related information?

    Well, I suppose if you are then you're press and we all know how good
    the press are at getting technical things "right".

    "scrub" won't do a damn thing about making data "less dangerous".

    And it's not an IPS either (it won't do anything about preventing
    someone from using an IIS/apache exploit in your web farm.)

    All it does is try and clean off rough edges of packet header fields
    so that they fit into an IDS's picture of the world more easily.

    That's it. Well, they have extended the 'scrub' facility to do other
    things that could just as easily be done elsewhere but it is definately
    NOT an IPS (and anyone selling it as such is a fraud.)

    Darren
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

  • Next message: Darren Reed: "Re: traffic normalizer for ipfw?"