traffic normalizer for ipfw?
bj93542 at yahoo.com
Thu Feb 19 16:30:52 PST 2004
--- Darren Reed <avalon at caligula.anu.edu.au> wrote:
> In some mail from Bruce M Simpson, sie said:
> > On Thu, Feb 19, 2004 at 01:02:16PM -0800, Dorin H
> > > Is there some way to configure ipfw to do
> traffic normalizing ("scrubbing", as in ipf for
> You mean pf, not ipf..
> normalizing is over rated as a firewall feature -
> it's really
> something that belongs in IDS software.
True, it's part of IDS. Nevertheless, do you think
that traffic normalizing is useful?
If yes, where would you have it (you need an inline
device for it; move the IDS inline and becomes IPS,
which, IMHO, is indeed something over rated:)?
If not, do you know better ways to handle IDS evasions
(other than network active mapping, which takes both
time & resources and could be useful for small
networks only probably)?
Do you Yahoo!?
Yahoo! Mail SpamGuard - Read only the mail you want.
More information about the freebsd-security