[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-cybox] Network Connection Object TCP Extension
I think we should keep them apart, but maybe with additional TCP fields in them like mss, tos, maybe even a boolean field for fragmented, and maybe a list of TCP options in there too.
Cheers
Terry MacDonald
Cosive
Given that the 90-95+% use case for the network connection object will be TCP and UDP, the src/dst port information was moved to the base object instead of having a UDP extension and a TCP extension. However, when this was done two fields were left in the new somewhat errant TCP extension. Namely the src/dst "flags"I would propose that it does not make sense to have this TCP extension with just 2 properties that are flags, when the port information was merged down to the base object.So I see two proposals to this issue:1) We also merge down the TCP flags and leave them as optional, similarly to what we did with the port information.2) We rename the TCP Extension to be TCP/UDP Extension and put the port information back in it.Thanks,BretBret Jordan CISSPDirector of Security Architecture and Standards | Office of the CTOBlue Coat SystemsPGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]