RE: Normalizers, OpenBSD, etc.
From: Hammerle, Tye F (Tye.F.Hammerle@snapon.com)
Date: 05/31/02
From: "Hammerle, Tye F" <Tye.F.Hammerle@snapon.com>
To: "'goom0981@yahoo.com'" <goom0981@yahoo.com>, focus-ids@securityfocus.com
Date: Fri, 31 May 2002 11:30:19 -0500
I think the "scrub" action of pf is what you're after. man pf.conf describes
it a little. Example given was similar to "scrub in on xl0 all". If you're
not running OpenBSD, the man pages and other info are available at
openbsd.org.
Tye
-----Original Message-----
From: goom0981@yahoo.com [mailto:goom0981@yahoo.com]
Sent: Friday, May 31, 2002 1:36 AM
To: focus-ids@securityfocus.com
Subject: Normalizers, OpenBSD, etc.
Having read Handley, Paxson, and Kreibich's paper on norm some months
ago, I have been very interested in the concept of traffic normalization
and have been waiting for the technology to season a bit.
At a recent security conference, I was told by a prominent IDS developer
that the new version of OpenBSD has these capabilities resident (in pf
maybe??). However, I haven't been able to find out anything more on this.
If someone wanted to begin the process of implementing traffic
normalization ("norm" or something else) today, where would he/she go?
Thanks,
Justin