traffic normalizer for ipfw?

Fri Feb 20 02:44:13 PST 2004

With all due respect, Mr. Reed (and others!), kindly keep this off-list. I
do not need 4 consecutive responses to a flamewar about this. People are
on this list to hear about security problems with freebsd, not to read
such crap.

Thank you!
Brian Szymanski
bks10 at cornell.edu
ski at indymedia.org

> In some mail from Kurt Seifried, sie said:
>>
>> > "scrub" won't do a damn thing about making data "less dangerous".
>> > And it's not an IPS either (it won't do anything about preventing
>> > someone from using an IIS/apache exploit in your web farm.)
>>
>> No but it will prevent some protocol level exploits/etc that can make
>> applications and systems puke their guts up (yes, some TCP-IP stacks
>> suck
>> that much). Stopping a denial of service attack (intentional or
>> otherwise)
>> sounds like a typical IPS related function, not an IDS function. In any
>> event this sort of prooves how pointless the IDS/IPS argument is
>> (everyone
>> is quite happy to disagree on what they are/do).
>
> You don't need normalising to achieve that.
>
> Why would you want to normalise bad packets into good ones so you can
> let them in rather than drop them ?
>
>> Last I checked it was BSD licensed, and AFAIK no-one is "selling it" as
>> an
>> IPS.
> [...from your earlier text:...]
>> > > far as the symantic arguments of firewalls/IDS/IPS/etc
>> > > (technically I'd say scrub is more an IPS style feature
>> > > then IDS since it actively manipulates
> [...]
>
> So you're not selling it as an IPS there ?
>
> Darren
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe at freebsd.org"
>

-- 
Brian Szymanski
ski at indymedia.org
bks10 at cornell.edu