[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [openc2-actuator] SLPF: Should we get rid of the false ACK option?
Joe et al:
Here is the current text I see:
maybe it could be better stated as
A TippingPoint guide states: Each “Block” action can optionally specify that a TCP Reset occur, which results in the TOE resetting the TCP connection for the source or destination IP
address when the Block action executes.
I can say that this works for a stateless tippingpoint device. So, no, a device does not have to maintain state to do this. It is more common to maintain state and do this, but it is not required.
References: https://www.commoncriteriaportal.org/files/epfiles/st_vid10435-st.pdf
From: openc2-actuator@lists.oasis-open.org <openc2-actuator@lists.oasis-open.org> on behalf of Trey Darley <trey@newcontext.com>
Sent: Thursday, August 30, 2018 4:11:28 AM To: Brule, Joseph M Cc: 'openc2-actuator@lists.oasis-open.org' Subject: Re: [openc2-actuator] SLPF: Should we get rid of the false ACK option? On 29.08.2018 17:01:17, Brule, Joseph M wrote:
> > I do know that there are high speed filters that are deployed today > with this capability. I do not know how widely false acks are used. > > Let me know what you think. I do not intend to dig my heels on this > one but tend toward supporting current capabilities. > Your reasoning makes sense to me, Joe. +1 -- Cheers, Trey ++--------------------------------------------------------------------------++ Director of Standards Development, New Context gpg fingerprint: 3918 9D7E 50F5 088F 823F 018A 831A 270A 6C4F C338 ++--------------------------------------------------------------------------++ -- "Just wait till time intervenes. The alchemy of time transforms everything into comedy. Everything..." --Josef Škvorecký |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]