Date: Fri, 20 Feb 2004 20:31:09 +1100 (Australia/ACT)
From: Darren Reed <avalon@caligula.anu.edu.au>
To: listuser@seifried.org
Cc: freebsd-security@freebsd.org
Subject: Re: traffic normalizer for ipfw?
Message-ID: <200402200931.i1K9V9HV010992@caligula.anu.edu.au>
In-Reply-To: <028101c3f792$eaf115a0$1400000a@bigdog> from "Kurt Seifried" at Feb 20, 2004 02:21:27 AM

In some mail from Kurt Seifried, sie said:
>
> > "scrub" won't do a damn thing about making data "less dangerous".
> > And it's not an IPS either (it won't do anything about preventing
> > someone from using an IIS/apache exploit in your web farm.)
>
> No but it will prevent some protocol level exploits/etc that can make
> applications and systems puke their guts up (yes, some TCP-IP stacks suck
> that much). Stopping a denial of service attack (intentional or otherwise)
> sounds like a typical IPS related function, not an IDS function. In any
> event this sort of proves how pointless the IDS/IPS argument is (everyone
> is quite happy to disagree on what they are/do).

You don't need normalising to achieve that.

Why would you want to normalise bad packets into good ones so you can
let them in rather than drop them?

> Last I checked it was BSD licensed, and AFAIK no-one is "selling it" as an
> IPS.

[...from your earlier text:...]
> > > far as the semantic arguments of firewalls/IDS/IPS/etc
> > > (technically I'd say scrub is more an IPS style feature
> > > than IDS since it actively manipulates
[...]

So you're not selling it as an IPS there?

Darren