traffic normalizer for ipfw?
avalon at caligula.anu.edu.au
Fri Feb 20 01:10:27 PST 2004
In some mail from Kurt Seifried, sie said:
> It's not like you HAVE to use it. It's an option, you can use it, or not. As
> far as the symantic arguments of firewalls/IDS/IPS/etc (technically I'd say
> scrub is more an IPS style feature then IDS since it actively manipulates
> the data to make it less "dangerous") please let's not go there, it's
Cripes, and you claim to be a publisher of security related information?
Well, I suppose if you are then you're press and we all know how good
the press are at getting technical things "right".
"scrub" won't do a damn thing about making data "less dangerous".
And it's not an IPS either (it won't do anything about preventing
someone from using an IIS/apache exploit in your web farm.)
All it does is try and clean off rough edges of packet header fields
so that they fit into an IDS's picture of the world more easily.
That's it. Well, they have extended the 'scrub' facility to do other
things that could just as easily be done elsewhere but it is definately
NOT an IPS (and anyone selling it as such is a fraud.)
More information about the freebsd-security