Thursday, June 26, 2003

OpenBSD Pf Scrubbing

I'm always looking for new ways to handle network traffic. I noticed that the OpenBSD Packet Filter offers scrubbing. This builds on the traffic normalization concepts described by Mark Handley and Vern Paxson, which were covered on Slashdot. pf's "random-id" option should defeat Steve Bellovin's technique for counting NATed hosts. Peter Phaal of InMon wrote Detecting NAT Devices using sFlow, which relies on counting TTL values to detect NAT hosts. pf's "min-ttl" feature might obscure that tactic, according to another Slashdot thread.
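As an added illustration (not from the original post), here is a pf.conf fragment in OpenBSD 3.3-era syntax that applies the two scrub options mentioned above on a NAT gateway; the interface names and the internal address range are assumed.

```pf
# Added example pf.conf fragment; interface names and the LAN range are assumed.
ext_if = "fxp0"
int_if = "fxp1"
lan    = "192.168.1.0/24"

# Minimal normalization: reassembles fragments but leaves the IP ID and TTL
# fields untouched, so per-host sequential IP IDs and per-OS initial TTLs
# still pass through the NAT unchanged.
# scrub in on $ext_if all fragment reassemble

# Normalize traffic leaving toward the Internet:
#   random-id  rewrites the IP identification field with random values,
#              removing the per-host sequential counters that an observer
#              could cluster to count hosts behind the NAT
#   min-ttl    raises any TTL below 64 up to 64; this flattens differences
#              among hosts that started with low initial TTLs, but hosts
#              whose TTL is already above 64 are left as they are, so it
#              reduces rather than eliminates TTL-based distinctions
scrub out on $ext_if all random-id min-ttl 64

# Still reassemble fragments on the way in so the filter sees whole packets.
scrub in on $ext_if all fragment reassemble

# Translation rules come after scrub rules in pf.conf ordering.
nat on $ext_if from $lan to any -> $ext_if
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`.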

