traffic normalizer for ipfw?

Darren Reed avalon at caligula.anu.edu.au
Fri Feb 20 01:31:12 PST 2004


In some mail from Kurt Seifried, sie said:
> 
> > "scrub" won't do a damn thing about making data "less dangerous".
> > And it's not an IPS either (it won't do anything about preventing
> > someone from using an IIS/apache exploit in your web farm.)
> 
> No but it will prevent some protocol level exploits/etc that can make
> applications and systems puke their guts up (yes, some TCP-IP stacks suck
> that much). Stopping a denial of service attack (intentional or otherwise)
> sounds like a typical IPS related function, not an IDS function. In any
> event this sort of proves how pointless the IDS/IPS argument is (everyone
> is quite happy to disagree on what they are/do).

You don't need normalising to achieve that.

Why would you want to normalise bad packets into good ones so you can
let them in rather than drop them?

> Last I checked it was BSD licensed, and AFAIK no-one is "selling it" as an
> IPS.
[...from your earlier text:...]
> > > far as the symantic arguments of firewalls/IDS/IPS/etc
> > > (technically I'd say scrub is more an IPS style feature
> > > then IDS since it actively manipulates
[...]

So you're not selling it as an IPS there?

Darren


More information about the freebsd-security mailing list