Network Working Group                                        B. Feinstein
Request for Comments: 4767                              SecureWorks, Inc.
Category: Experimental                                        G. Matthews
                                           CSC/NASA Ames Research Center
                                                              March 2007
The Intrusion Detection Exchange Protocol (IDXP)
Status of This Memo
This memo defines an Experimental Protocol for the Internet
community. It does not specify an Internet standard of any kind.
Discussion and suggestions for improvement are requested.
Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The IETF Trust (2007).
Abstract
This memo describes the Intrusion Detection Exchange Protocol (IDXP),
an application-level protocol for exchanging data between intrusion
detection entities. IDXP supports mutual-authentication, integrity,
and confidentiality over a connection-oriented protocol. The
protocol provides for the exchange of IDMEF messages, unstructured
text, and binary data. The IDMEF message elements are described in
RFC 4765, "The Intrusion Detection Message Exchange Format (IDMEF)",
a companion document of the Intrusion Detection Exchange Format
Working Group (IDWG) of the IETF.
Table of Contents
1. Introduction ....................................................3
1.1. Purpose ....................................................3
1.2. Profiles ...................................................3
1.3. Terminology ................................................3
2. The Model .......................................................4
2.1. Connection Provisioning ....................................4
2.2. Data Transfer ..............................................6
2.3. Connection Teardown ........................................7
2.4. Trust Model ................................................8
3. The IDXP Profile ................................................8
3.1. IDXP Profile Overview ......................................8
3.2. IDXP Profile Identification and Initialization .............9
3.3. IDXP Profile Message Syntax ................................9
3.4. IDXP Profile Semantics .....................................9
Feinstein & Matthews Experimental [Page 1]
RFC 4767 IDXP March 2007
3.4.1. The IDXP-Greeting Element ..........................10
3.4.2. The Option Element .................................11
3.4.3. The IDMEF-Message Element ..........................12
4. IDXP Options ...................................................12
4.1. The channelPriority Option ................................13
4.2. The streamType Option .....................................14
5. Fulfillment of IDWG Communications Protocol Requirements .......16
5.1. Reliable Message Transmission .............................16
5.2. Interaction with Firewalls ................................16
5.3. Mutual Authentication .....................................16
5.4. Message Confidentiality ...................................17
5.5. Message Integrity .........................................17
5.6. Per-Source Authentication .................................17
5.7. Denial of Service .........................................18
5.8. Message Duplication .......................................18
6. Extending IDXP .................................................18
7. IDXP Option Registration Template ..............................19
8. Initial Registrations ..........................................19
8.1. Registration: The IDXP Profile ............................19
8.2. Registration: The System (Well-Known) TCP Port
Number for IDXP ...........................................19
8.3. Registration: The channelPriority Option ..................20
8.4. Registration: The streamType Option .......................20
9. The DTDs .......................................................20
9.1. The IDXP DTD ..............................................20
9.2. The channelPriority Option DTD ............................22
9.3. The streamType DTD ........................................23
10. Reply Codes ...................................................24
11. Security Considerations .......................................25
11.1. Use of the TUNNEL Profile ................................25
11.2. Use of Underlying Security Profiles ......................25
12. IANA Considerations ...........................................25