From: "Brian Szymanski"
To: "Darren Reed"
cc: freebsd-security@freebsd.org
Date: Fri, 20 Feb 2004 05:44:12 -0500 (EST)
Subject: Re: traffic normalizer for ipfw?

With all due respect, Mr. Reed (and others!), kindly keep this off-list. I do not need 4 consecutive responses to a flamewar about this. People are on this list to hear about security problems with freebsd, not to read such crap.

Thank you!

Brian Szymanski
bks10@cornell.edu
ski@indymedia.org

> In some mail from Kurt Seifried, sie said:
>>
>> > "scrub" won't do a damn thing about making data "less dangerous".
>> > And it's not an IPS either (it won't do anything about preventing
>> > someone from using an IIS/apache exploit in your web farm.)
>>
>> No but it will prevent some protocol level exploits/etc that can make
>> applications and systems puke their guts up (yes, some TCP-IP stacks suck
>> that much). Stopping a denial of service attack (intentional or otherwise)
>> sounds like a typical IPS related function, not an IDS function. In any
>> event this sort of proves how pointless the IDS/IPS argument is (everyone
>> is quite happy to disagree on what they are/do).
>
> You don't need normalising to achieve that.
>
> Why would you want to normalise bad packets into good ones so you can
> let them in rather than drop them ?
>
>> Last I checked it was BSD licensed, and AFAIK no-one is "selling it" as an
>> IPS.
> [...from your earlier text:...]
>> > > far as the semantic arguments of firewalls/IDS/IPS/etc
>> > > (technically I'd say scrub is more an IPS style feature
>> > > than IDS since it actively manipulates
> [...]
>
> So you're not selling it as an IPS there ?
>
> Darren

--
Brian Szymanski
ski@indymedia.org
bks10@cornell.edu