OpenBSD Pf Scrubbing

I'm always looking for new ways to handle network traffic. I noticed that the OpenBSD Packet Filter (pf) offers scrubbing. This builds on the concepts described by Mark Handley and Vern Paxson, which were discussed at Slashdot. pf's "random-id" option should defeat Steve Bellovin's technique for counting NATed hosts. Peter Phaal of InMon wrote Detecting NAT Devices using sFlow, which relies on counting TTL values to detect NAT hosts. pf's "min-ttl" feature might obscure that tactic, according to another Slashdot thread.
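Why "random-id" matters, as an added example that is not code from this post or from pf: it models the counting technique as grouping observed IP IDs into sequential counter streams, then shows the estimate collapsing once every ID is replaced with a random value. The function names, the `max_gap` threshold, the sequential-counter host model and the trace are assumptions constructed for illustration.

```python
import random

def count_id_streams(ip_ids, max_gap=64):
    """Estimate hosts behind a NAT by grouping IP IDs into increasing counter streams."""
    tails = []  # last IP ID seen in each inferred stream
    for ipid in ip_ids:
        best, best_gap = None, None
        for i, tail in enumerate(tails):
            gap = (ipid - tail) & 0xFFFF  # 16-bit field, so distances wrap
            if 0 < gap <= max_gap and (best_gap is None or gap < best_gap):
                best, best_gap = i, gap
        if best is None:
            tails.append(ipid)    # no stream continues here: looks like a new host
        else:
            tails[best] = ipid    # continues an existing host's counter
    return len(tails)

def nat_trace(starts, packets_per_host, seed=1):
    """Constructed trace: each host uses a sequential IP ID counter, packets interleaved."""
    rng = random.Random(seed)
    counters = list(starts)
    remaining = [packets_per_host] * len(starts)
    trace = []
    while any(remaining):
        h = rng.choice([i for i, r in enumerate(remaining) if r])
        trace.append(counters[h] & 0xFFFF)
        counters[h] += 1
        remaining[h] -= 1
    return trace

def random_id(trace, seed=2):
    """Model of pf's random-id: each packet's IP ID is replaced with a random value."""
    rng = random.Random(seed)
    return [rng.randrange(0x10000) for _ in trace]

# Constructed input: three hosts behind one NAT, 200 packets each.
TRACE = nat_trace(starts=[1000, 20000, 45000], packets_per_host=200)

if __name__ == "__main__":
    print("streams inferred, IDs passed through:", count_id_streams(TRACE))
    print("streams inferred with random-id:     ", count_id_streams(random_id(TRACE)))
```

With the IDs passed through unchanged, the observer recovers exactly three streams; after the rewrite, the stream count reflects only the random values and no longer tracks the number of hosts.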
