Date: Fri, 20 Feb 2004 05:44:12 -0500 (EST) From: "Brian Szymanski" <bks10@cornell.edu> To: "Darren Reed" <avalon@caligula.anu.edu.au> Cc: freebsd-security@freebsd.org Subject: Re: traffic normalizer for ipfw? Message-ID: <3883.10.0.0.26.1077273852.squirrel@atotarho.wuhjuhbuh.afraid.org> In-Reply-To: <200402200931.i1K9V9HV010992@caligula.anu.edu.au> References: <028101c3f792$eaf115a0$1400000a@bigdog> from "Kurt Seifried" atFeb 20, 2004 02:21:27 AM <200402200931.i1K9V9HV010992@caligula.anu.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
With all due respect, Mr. Reed (and others!), kindly keep this off-list. I do not need 4 consecutive responses to a flamewar about this. People are on this list to hear about security problems with freebsd, not to read such crap. Thank you! Brian Szymanski bks10@cornell.edu ski@indymedia.org > In some mail from Kurt Seifried, sie said: >> >> > "scrub" won't do a damn thing about making data "less dangerous". >> > And it's not an IPS either (it won't do anything about preventing >> > someone from using an IIS/apache exploit in your web farm.) >> >> No but it will prevent some protocol level exploits/etc that can make >> applications and systems puke their guts up (yes, some TCP-IP stacks >> suck >> that much). Stopping a denial of service attack (intentional or >> otherwise) >> sounds like a typical IPS related function, not an IDS function. In any >> event this sort of prooves how pointless the IDS/IPS argument is >> (everyone >> is quite happy to disagree on what they are/do). > > You don't need normalising to achieve that. > > Why would you want to normalise bad packets into good ones so you can > let them in rather than drop them ? > >> Last I checked it was BSD licensed, and AFAIK no-one is "selling it" as >> an >> IPS. > [...from your earlier text:...] >> > > far as the symantic arguments of firewalls/IDS/IPS/etc >> > > (technically I'd say scrub is more an IPS style feature >> > > then IDS since it actively manipulates > [...] > > So you're not selling it as an IPS there ? > > Darren > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to > "freebsd-security-unsubscribe@freebsd.org" > -- Brian Szymanski ski@indymedia.org bks10@cornell.edu
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3883.10.0.0.26.1077273852.squirrel>