From: Darren Reed
Message-Id: <200402200910.i1K9AIoe005185@caligula.anu.edu.au>
To: listuser@seifried.org
Date: Fri, 20 Feb 2004 20:10:17 +1100 (Australia/ACT)
In-Reply-To: <00b001c3f779$91ba8750$1400000a@bigdog> from "Kurt Seifried" at Feb 19, 2004 11:20:00 PM
cc: freebsd-security@freebsd.org
cc: Dorin H
cc: Darren Reed
Subject: Re: traffic normalizer for ipfw?

In some mail from Kurt Seifried, sie said:
>
> It's not like you HAVE to use it. It's an option, you can use it, or not. As
> far as the semantic arguments of firewalls/IDS/IPS/etc (technically I'd say
> scrub is more an IPS style feature than IDS since it actively manipulates
> the data to make it less "dangerous") please let's not go there, it's
> pointless.

Cripes, and you claim to be a publisher of security related information?
Well, I suppose if you are then you're press and we all know how good
the press are at getting technical things "right".

"scrub" won't do a damn thing about making data "less dangerous".
And it's not an IPS either (it won't do anything about preventing
someone from using an IIS/apache exploit in your web farm.)
All it does is try and clean off rough edges of packet header fields
so that they fit into an IDS's picture of the world more easily.
That's it.

Well, they have extended the 'scrub' facility to do other things that
could just as easily be done elsewhere but it is definitely NOT an IPS
(and anyone selling it as such is a fraud.)

Darren