Re: [bmwg] draft-green-bmwg-seceff-bench-meth-00

Kenneth Green <KGreen@ixiacom.com> Wed, 02 November 2011 03:04 UTC

From: Kenneth Green <KGreen@ixiacom.com>
To: "bmwg@ietf.org" <bmwg@ietf.org>
Date: Wed, 02 Nov 2011 03:04:50 +0000
Subject: Re: [bmwg] draft-green-bmwg-seceff-bench-meth-00

RFC2647 provides this useful definition:

3.19 Illegal traffic
  Definition:
    Packets specified for rejection in the rule set of the DUT/SUT.
  Discussion:
    A buggy or misconfigured firewall might forward packets even though
    its rule set specifies that these packets be dropped. Illegal traffic
    differs from rejected traffic in that it describes all traffic
    specified for rejection by the rule set, while rejected traffic
    specifies only those packets actually dropped by the DUT/SUT.

We have described "evil" traffic as being in one of two classes, either malicious traffic intended to invade/damage/exploit the target or banned/disallowed traffic being that which is related to attempts to access disallowed sites or services, or to export proprietary information that is not allowed outside of the protected network.

It is useful in the prose to have language that naturally evokes the inherent contrast between traffic that should pass through and traffic that should be blocked. Hence the natural opposites of "good" and "evil" seemed appropriate.

However, the definition of "Illegal" given in 2647 does seem to encompass all packets that would be considered "evil" so long as the concept of "specified for rejection in the rule set of the DUT" is considered sufficiently broad to apply to whatever configuration features might be present in an NGF, IPS or UTM system which might go beyond ACLs and the like.

Regards,
Kenneth

Kenneth Green
Solution Architect
Ixia


-----Original Message-----
From: Dennis Cox [mailto:dcox@breakingpoint.com] 
Sent: Sunday, 30 October 2011 5:44 AM
To: Al Morton; Kenneth Green; bmwg@ietf.org
Subject: RE: [bmwg] draft-green-bmwg-seceff-bench-meth-00

Al,

Yes, "evil" is used in a previous RFC; however, that is an April Fools' Day RFC. While it's a great RFC and we have actually implemented it in our product, all in good fun of course, I don't know if it's the best term when talking about traffic that may only be slightly evil :)

For your reference
http://www.breakingpointsystems.com/community/blog/rfc3514-setting-the-evil-bit/

Dennis

________________________________________
From: Al Morton [acmorton@att.com]
Sent: Saturday, October 29, 2011 9:02 AM
To: Dennis Cox; Kenneth Green; bmwg@ietf.org
Subject: Re: [bmwg] draft-green-bmwg-seceff-bench-meth-00

At 08:49 AM 10/29/2011, Dennis Cox wrote:
>...Also, evil may not be the best word, perhaps malicious might be a 
>bit used instead.

Both terms are used in http://tools.ietf.org/html/rfc3514
Al
(as participant)