Christopher Keeley wrote:
> Dear All
> 
> I have an idea which I would like to run by developers and users alike.
> 
> Does anyone think 'pattern matching' on packet values would be 
> a useful addition to pf's current capabilities?
> 
> The idea would be to allow users to write simple numeric sequences
> representing packet values into the .conf file and associate them with rules. 

Anyone thinking of this idea needs to read the Ptacek and Newsham paper
and consider how much complexity would need to be added to the kernel in
order to counter the techniques they describe.

http://downloads.securityfocus.com/library/ids.ps

At least one tier-1 IDS vendor doesn't even get this stuff right, so
it isn't trivial.

-d
