OpenBSD developer Ryan McBride has put up a small article explaining the new firewall redundancy features (pfsync, CARP) in the upcoming OpenBSD 3.5 release. CARP (Common Address Redundancy Protocol) is a free alternative to the patent-encumbered VRRP, responsible for electing masters in a firewall cluster, while pfsync synchronizes packet filter state information among nodes.
March 2004 Archives
Kimberly C. Claffy from the Cooperative Association for Internet Data Analysis (CAIDA) recently held a presentation about "Internet Measurement: Myths about Internet data" at the Polytechnic University of Salzburg. The presentation data is available online: here and here. Lots of other interesting stuff can be found here. We also found a copy of her (famous?) "My favorite net things" on the Internet.
SecurityFocus has posted a nice survey of anti-spam technologies
by spam expert Neal Krawetz, in which he delves deeply into the
specifics and pitfalls of the numerous proposed solutions. Krawetz
makes it obvious that securing the email infrastructure is a very
complex problem that many of the current (simple) solutions can't solve
alone.
David Barroso Berrueta has put together a list of rules and tools you can use to defeat Nmap OS fingerprinting.
He's found several mechanisms on various OS flavors, and even shows
simple rules to use in PF to defeat fingerprinting attempts.