Translated addresses and ports » History » Version 4

Sélim Menouar, 02/11/2016 04:28 PM

h1. Translated addresses and ports

h2. Aim:

Offer a way to identify translated addresses and ports.

Most formats offer a way to specify whether a given address or port is pre- or post-translation. IDMEF doesn't offer this possibility because the translation process is younger than IDMEF. However, since translation has become common practice, this information needs to be included in the format.

> *GH*: We could use Address.category_

h2. Solution 1:

Add a Translation enumeration to the Address class.

|_.Impacted Class|_.Proposed Field|_.Type   |
|[[IDMEF_Node_Zoom|Address]]|Translation|no_translation
pre_translation
post_translation|

h3. Pros

* 

h3. Cons

* 

h2. Solution 2:

Add new values to the category enumeration of the Address class.

|_.Impacted Class|_.Proposed Field|_.Type   |
|[[IDMEF_Node_Zoom|Address]]|category|ipv4-addr-post-nat
ipv4-addr-pre-nat
ipv6-addr-post-nat
ipv6-addr-pre-nat|

h3. Pros

h3. Cons

h2. Meetings:

+30/10/2015 Meeting+: This information is necessary. In order to avoid adding too many fields, we could use the category field from the class address and update the related dictionary.
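
The sketch below shows what Solution 2 means for a consumer of alerts: the category value now carries both the address family and the translation state, so a reader has to split them apart and still accept the existing categories. It is an added example, not part of the original page or of any IDMEF implementation; the sample alert is constructed and trimmed, and the names @split_category@ and @list_addresses@ are hypothetical.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml

NS = {"idmef": "http://iana.org/idmef"}

# Constructed, trimmed sample alert (mandatory Alert children omitted for brevity).
# The *-pre-nat / *-post-nat categories are the values proposed in Solution 2.
SAMPLE = """\
<idmef:IDMEF-Message xmlns:idmef="http://iana.org/idmef">
 <idmef:Alert messageid="constructed-1">
  <idmef:Source><idmef:Node>
   <idmef:Address category="ipv4-addr-pre-nat"><idmef:address>10.0.0.15</idmef:address></idmef:Address>
   <idmef:Address category="ipv4-addr-post-nat"><idmef:address>203.0.113.7</idmef:address></idmef:Address>
  </idmef:Node></idmef:Source>
  <idmef:Target><idmef:Node>
   <idmef:Address category="ipv6-addr"><idmef:address>2001:db8::25</idmef:address></idmef:Address>
  </idmef:Node></idmef:Target>
 </idmef:Alert>
</idmef:IDMEF-Message>
"""

def split_category(category):
    """Split an Address category into (base category, translation state)."""
    for suffix, state in (("-pre-nat", "pre"), ("-post-nat", "post")):
        if category.endswith(suffix):
            return category[:-len(suffix)], state
    # Existing categories (ipv4-addr, ipv6-addr, ...) say nothing about translation.
    return category, "unspecified"

def list_addresses(xml_text):
    """Return (role, base category, translation state, address) for each Address."""
    rows = []
    root = ET.fromstring(xml_text)
    for role in ("Source", "Target"):
        for party in root.iterfind(f".//idmef:{role}", NS):
            for addr in party.iterfind(".//idmef:Address", NS):
                # "unknown" is the default category of Address in RFC 4765.
                base, state = split_category(addr.get("category", "unknown"))
                value = addr.findtext("idmef:address", default="", namespaces=NS)
                rows.append((role, base, state, value.strip()))
    return rows

if __name__ == "__main__":
    for row in list_addresses(SAMPLE):
        print(*row, sep="\t")
```

Addresses that still use an existing category come back as "unspecified", which is the case Solution 1 would cover with an explicit no_translation value.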