[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [openc2-actuator] Proposed means to support (deny or allow) ICMP types
I'll agree with Kamer and Duncan, I did like what Kamer illustrated with bullets, I think option one is most extensible.
-Alex
From: openc2-actuator@lists.oasis-open.org <openc2-actuator@lists.oasis-open.org> on behalf of Kamer Vishi <kamerv@ifi.uio.no>
Sent: Thursday, February 14, 2019 2:41 PM To: Brule, Joseph M Cc: openc2-actuator@lists.oasis-open.org Subject: Re: [openc2-actuator] Proposed means to support (deny or allow) ICMP types I will start my feedback with less preferred approach/option.
Approach TWO: e.g. when we have to deny/allow traffic based on TCP or UDP the property ICMP type will be unused.
Approach THREE a.k.a. "widening the 5-tuple”; is a discussion which is mainly for NGF (Next-Generation Firewalls).
Approach ONE is my preference since ICMP data (type and code) are specifically used with proto=ICMP (NOT for UDP and TCP).
--
Best,
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]