Date:      Fri, 20 Feb 2004 20:10:17 +1100 (Australia/ACT)
From:      Darren Reed <avalon@caligula.anu.edu.au>
To:        listuser@seifried.org
Cc:        Darren Reed <avalon@caligula.anu.edu.au>
Subject:   Re: traffic normalizer for ipfw?
Message-ID:  <200402200910.i1K9AIoe005185@caligula.anu.edu.au>
In-Reply-To: <00b001c3f779$91ba8750$1400000a@bigdog> from "Kurt Seifried" at Feb 19, 2004 11:20:00 PM

In some mail from Kurt Seifried, sie said:
> 
> It's not like you HAVE to use it. It's an option, you can use it, or not. As
> far as the semantic arguments of firewalls/IDS/IPS/etc (technically I'd say
> scrub is more an IPS style feature than IDS since it actively manipulates
> the data to make it less "dangerous") please let's not go there, it's
> pointless.

Cripes, and you claim to be a publisher of security related information?

Well, I suppose if you are then you're press and we all know how good
the press are at getting technical things "right".

"scrub" won't do a damn thing about making data "less dangerous".

And it's not an IPS either (it won't do anything about preventing
someone from using an IIS/apache exploit in your web farm.)

All it does is try and clean off rough edges of packet header fields
so that they fit into an IDS's picture of the world more easily.

That's it.  Well, they have extended the 'scrub' facility to do other
things that could just as easily be done elsewhere but it is definitely
NOT an IPS (and anyone selling it as such is a fraud.)

Darren


