[Oisf-users] OISF IDS Suricata MIB - alpha release

Mark Ashley mark at ibiblio.org
Mon Feb 10 07:03:53 UTC 2014


Hi folks,


Whilst we wait for the IANA to issue an enterprise number to the OISF for
their MIBs, here's what I'll be sending to our NMS so it can grok the traps
that barnyard2 is sending.

TODO: Replace the example enterprise number '999' with the real one when it
arrives.

The MIB copies the same OID numbers as defined in the snort one back in
2002... this mostly is for compatibility as the header file in the
barnyard2 SNMP module uses those. There's nothing stopping a full re-edit
etc, as long as there is a new spo_snmp.h created as well for barnyard2 to
be recompiled with. I added a timezone OID as it seemed useful.

The old MIB:
http://www.kolaja.eu/documents/bachelors_thesis/snort/snort-1.8.4/MIBS/SnortIDAlertMIB.txt

The new OISF MIB passes the full level 6 validation tests at
http://wwwsnmp.cs.utwente.nl/ietf/mibs/validate/

To improve the style OISF might want to split the file into a main OISF-MIB
for the enterprise and one for a OISF-SURICATA-MIB file. This serves as a
useful base to add in new fields as needed.

ta,
Mark.




The OID list I grew the MIB from is here:

suricata_oids.txt

oisf root
    999
                1.3.6.1.4.1.999
    0           1.3.6.1.4.1.999.0        oisf.trap
        1       1.3.6.1.4.1.999.0.1      oisf.trap.oisfTrapTrapID
                    Counter32
        2       1.3.6.1.4.1.999.0.2      oisf.trap.oisfTrapTimeStamp
                    DisplayString(SIZE(0..26)) -- 2014-02-03_16:56:25.481721
        3       1.3.6.1.4.1.999.0.3      oisf.trap.oisfTrapActionTaken
                    INTEGER (1..7)
                        1 alert
                        2 drop
                        3 streamdrop
                        4 reject
                        5 pass
                        6 log
                        7 log
        4       1.3.6.1.4.1.999.0.4      oisf.trap.oisfTrapMsg
                    DisplayString(SIZE(0..255))
        5       1.3.6.1.4.1.999.0.5      oisf.trap.oisfTrapMoreInfo
                    DisplayString(SIZE(0..255))
        6       1.3.6.1.4.1.999.0.6      oisf.trap.oisfTrapSrcAddressType
                    InetAddressType
        7       1.3.6.1.4.1.999.0.7      oisf.trap.oisfTrapSrcAddress
                    InetAddress
        8       1.3.6.1.4.1.999.0.8      oisf.trap.oisfTrapDstAddressType
                    InetAddressType
        9       1.3.6.1.4.1.999.0.9      oisf.trap.oisfTrapDstAddress
                    InetAddress
        10      1.3.6.1.4.1.999.0.10     oisf.trap.oisfTrapSrcPort
                    InetPortNumber
        11      1.3.6.1.4.1.999.0.11     oisf.trap.oisfTrapDstPort
                    InetPortNumber
        12      1.3.6.1.4.1.999.0.12     oisf.trap.oisfTrapStartTime
                    DisplayString(SIZE(0..26))
        13      1.3.6.1.4.1.999.0.13     oisf.trap.oisfTrapOccurences
                    Counter32
        14      1.3.6.1.4.1.999.0.14     oisf.trap.oisfTrapImpact
                    INTEGER (1..12)
                        1 unknown
                        2 badUnknown
                        3 notSuspicious
                        4 attemptedAdmin
                        5 successfulAdmin
                        6 attemptedDos
                        7 successfulDos
                        8 attemptedRecon
                        9 successfulReconLimited
                        10 successfulReconLargescale
                        11 attemptedUser
                        12 successfulUser
        15      1.3.6.1.4.1.999.0.15     oisf.trap.oisfTrapSrcAddressList
                    OCTET STRING (SIZE0..1024))
        16      1.3.6.1.4.1.999.0.16     oisf.trap.oisfTrapDstAddressList
                    OCTET STRING (SIZE0..1024))
        17      1.3.6.1.4.1.999.0.17     oisf.trap.oisfTrapSrcPortList
                    OCTET STRING (SIZE0..1024))
        18      1.3.6.1.4.1.999.0.18     oisf.trap.oisfTrapDstPortList
                    OCTET STRING (SIZE0..1024))
        19      1.3.6.1.4.1.999.0.19     oisf.trap.oisfTrapScanDuration
                    Counter32
        10      1.3.6.1.4.1.999.0.20     oisf.trap.oisfTrapScanedHosts
                    Counter32
        21      1.3.6.1.4.1.999.0.21     oisf.trap.oisfTrapTCPScanCount
                    Counter32
        22      1.3.6.1.4.1.999.0.22     oisf.trap.oisfTrapUDPScanCount
                    Counter32
        23      1.3.6.1.4.1.999.0.23     oisf.trap.oisfTrapScanType
                    INTEGER (1..4)
                        1 other
                        2 stealth
                        3 aggressive
                        4 unknown
        24      1.3.6.1.4.1.999.0.24     oisf.trap.oisfTrapEventStatus
                    INTEGER (1..5)
                        1 other
                        2 start
                        3 inProgress
                        4 end
                        5 unknown
        25      1.3.6.1.4.1.999.0.25     oisf.trap.oisfTrapEventPriority
                    INTEGER (1..255)
        26      1.3.6.1.4.1.999.0.26     oisf.trap.oisfTrapSrcMACAddress
                    MacAddress
        27      1.3.6.1.4.1.999.0.27     oisf.trap.oisfTrapDstMACAddress
                    MacAddress
        28      1.3.6.1.4.1.999.0.28     oisf.trap.oisfTrapProto
                    DisplayString(SIZE(0..128))
        29      1.3.6.1.4.1.999.0.29     oisf.trap.oisfSignatureID
                    Integer32
        30      1.3.6.1.4.1.999.0.30     oisf.trap.oisfSignatureRev
                    Integer32
        31      1.3.6.1.4.1.999.0.31     oisf.trap.oisfSignatureMsg
                    DisplayString(SIZE(0..255))
        32      1.3.6.1.4.1.999.0.32     oisf.trap.oisfPacketPrint
                    DisplayString(SIZE(0..255))
        33      1.3.6.1.4.1.999.0.33     oisf.trap.oisfGeneratorID
                    Integer32
        34      1.3.6.1.4.1.999.0.34     oisf.trap.oisfSensorID
                    Integer32
        35      1.3.6.1.4.1.999.0.35     oisf.trap.oisfClassification
                    DisplayString(SIZE(0..255))
        36      1.3.6.1.4.1.999.0.36     oisf.trap.oisfInterface
                    DisplayString(SIZE(0..128))
        37      1.3.6.1.4.1.999.0.37     oisf.trap.oisfTrapTimeZone
                    DisplayString(SIZE(0..128))
    4           1.3.6.1.4.1.999.4        oisf.product
        1       1.3.6.1.4.1.999.4.1      oisf.product.ids
            1   1.3.6.1.4.1.999.4.1.1    oisf.product.ids.suricata
                1      1.3.6.1.4.1.999.4.1.1.1
oisf.product.ids.suricata.oisfSuricataVersion
                    DisplayString(SIZE(0..128))
                2      1.3.6.1.4.1.999.4.1.1.2
oisf.product.ids.suricata.oisfSuricataDescription
                    DisplayString(SIZE(0..128))
                3      1.3.6.1.4.1.999.4.1.1.3
oisf.product.ids.suricata.oisfSuricataUptime
                    TimeStamp



and the full MIB file is:


OISF-MIB DEFINITIONS ::= BEGIN

--
-- Top-level infrastructure for the OISF enterprise MIB tree
--

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    Counter32,
    Integer32,
    enterprises
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE,
    OBJECT-GROUP
        FROM SNMPv2-CONF
    TEXTUAL-CONVENTION,
    DisplayString,
    MacAddress,
    TimeStamp
        FROM SNMPv2-TC
    InetPortNumber,
    InetAddress,
    InetAddressType
        FROM INET-ADDRESS-MIB;

oisf MODULE-IDENTITY
    LAST-UPDATED "201402100000Z"               -- 10th Feb 2014, midnight
    ORGANIZATION "openinfosecfoundation.org"
    CONTACT-INFO "postal:   OISF
                            416 Main St Suite 3
                            Lafayette, Indiana, 47901
                            USA

                  email:    oisf-team at openinfosecfoundation.org
                  phone:    +1-765-429-0398
                 "
    DESCRIPTION  "Top-level infrastructure for the OISF Enterprise MIB tree
                 "
    REVISION     "201402100000Z"                  -- 10th Feb 2014, midnight
    DESCRIPTION "First draft."

    ::= { enterprises 999}

--
-- Definitions for new textual conventions
--
    OisfInetAddrList ::= TEXTUAL-CONVENTION
        DISPLAY-HINT "1x:"
        STATUS  current
        DESCRIPTION
           "This data type is used to model a list of IP addresses.
            The format will be as follows-
                [Type:]FromIP[-ToIP]] [[Type]:FromIP[-ToIP]] .......]
            It is essentially a set of zero or more IP address ranges
            separated by a space character.
            Each IP addres range is preceded by a Address type indecator
            which is '4' or '6'. By default the address type is 4.
            4 indicates that the address range pertains to the IPv4
            address domain. 6 indicates that the address range pertains
            to the IPv6 range."
        SYNTAX  OCTET STRING (SIZE (0..1024))

    OisfInetPortList ::= TEXTUAL-CONVENTION
        DISPLAY-HINT "1x:"
        STATUS  current
        DESCRIPTION
           "This data type is used to model a list of ports
            The format will be as follows-
                FromPort[-ToPort] [FromPort[-ToPort] .......]
            It is essentially a set of zero or more port number ranges
            separated by a space character."
        SYNTAX  OCTET STRING (SIZE (0..1024))


--
-- OISF SNMP trap definitions
--
oisfTrap OBJECT IDENTIFIER ::= { oisf 0 }

    oisfTrapTrapID OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "Unique identifier of the trap"
        ::= { oisfTrap 1 }

    oisfTrapTimeStamp OBJECT-TYPE
        SYNTAX     DisplayString(SIZE(0..26)) -- 2014-02-16_16:56:25.481721
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "Time stamp of when the trap was generated"
        ::= { oisfTrap 2 }

    oisfTrapActionTaken OBJECT-TYPE
        SYNTAX     INTEGER {
            alert(1),
            drop(2),
            streamDrop(3),
            reject(4),
            pass(5),
            log(6),
            none(7)
        }
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "Action that were taken on this alert. Multiple actions are
possible"
        ::= { oisfTrap 3 }

    oisfTrapMsg OBJECT-TYPE
        SYNTAX     DisplayString(SIZE(0..255))
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "Message associated with the triggered alert.
            If there is no message, this field will be blank"
        ::= { oisfTrap 4 }

    oisfTrapMoreInfo OBJECT-TYPE
        SYNTAX     DisplayString(SIZE(0..255))
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "More information pertaining to this alert. This might include
URLs
            and other sources of reference information.  If there is no
information,
            this field will be blank"
        ::= { oisfTrap 5 }

    oisfTrapSrcAddressType OBJECT-TYPE
        SYNTAX     InetAddressType
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "The type of adddress that was the source of the alert"
        ::= { oisfTrap 6 }

    oisfTrapSrcAddress OBJECT-TYPE
        SYNTAX     InetAddress
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "The Internet address of the source of the alert, if known.
            This will be a zero length string if the source address is
unknown,
            not available or, not applicable."
        ::= { oisfTrap 7 }

    oisfTrapDstAddressType OBJECT-TYPE
        SYNTAX     InetAddressType
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "The type of adddress that was the target of the alert"
        ::= { oisfTrap 8 }

    oisfTrapDstAddress OBJECT-TYPE
        SYNTAX     InetAddress
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "The Internet address of the target of the alert, if known.
            This will be a zero length string if the target address is
unknown,
            not available or, not applicable."
        ::= { oisfTrap 9 }

    oisfTrapSrcPort OBJECT-TYPE
        SYNTAX     InetPortNumber
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "The port number, if known, from where the attack has
originated."
        ::= { oisfTrap 10 }

    oisfTrapDstPort OBJECT-TYPE
        SYNTAX     InetPortNumber
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "The port number to where the attack was targeted."
        ::= { oisfTrap 11 }

    oisfTrapStartTime OBJECT-TYPE
        SYNTAX     DisplayString(SIZE(0..26)) -- 2014-02-16_16:56:25.481721
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "Time stamp of when the event causing this alert was detected."
        ::= { oisfTrap 12 }

    oisfTrapOccurences OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "The number of occurences of the event that is being reported
in this alert."
        ::= { oisfTrap 13 }

    oisfTrapImpact OBJECT-TYPE
        SYNTAX     INTEGER {
            unknown(1),
            badUnknown(2),
            notSuspicious(3),
            attemptedAdmin(4),
            successfulAdmin(5),
            attemptedDos(6),
            successfulDos(7),
            attemptedRecon(8),
            successfulReconLimited(9),
            successfulReconLargescale(10),
            attemptedUser(11),
            successfulUser(12)
        }
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "The evaluated impact of the attack."
        ::= { oisfTrap 14 }

    oisfTrapSrcAddressList OBJECT-TYPE
        SYNTAX     OisfInetAddrList
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "The list of source addresses applicable to this alert."
        ::= { oisfTrap 15 }

    oisfTrapDstAddressList OBJECT-TYPE
        SYNTAX     OisfInetAddrList
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "The list of destination addresses applicable to this alert."
        ::= { oisfTrap 16 }

    oisfTrapSrcPortList OBJECT-TYPE
        SYNTAX     OisfInetPortList
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "The list of source ports applicable to this alert."
        ::= { oisfTrap 17 }

    oisfTrapDstPortList OBJECT-TYPE
        SYNTAX     OisfInetPortList
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "The list of destination ports applicable to this alert."
        ::= { oisfTrap 18 }

    oisfTrapScanDuration OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "The duration of the scan being reported in this alert."
        ::= { oisfTrap 19 }

    oisfTrapScanedHosts OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "The number of hosts scanned by the attack being reported in
this alert."
        ::= { oisfTrap 20 }

    oisfTrapTCPScanCount OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "The number of TCP scans seen in the attack being reported in
this alert."
        ::= { oisfTrap 21 }

    oisfTrapUDPScanCount OBJECT-TYPE
        SYNTAX     Counter32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "The number of UDP scans seen in the attack being reported in
this alert."
        ::= { oisfTrap 22 }

    oisfTrapScanType OBJECT-TYPE
        SYNTAX     INTEGER {
            other(1),
            stealth(2),
            aggressive(3),
            unknown(4)
        }
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "The type of scan being seen in the attack being reported in
this alert."
        ::= { oisfTrap 23 }

    oisfTrapEventStatus OBJECT-TYPE
        SYNTAX     INTEGER {
            other(1),
            start(2),
            inProgress(3),
            end(4),
            unknown(5)
        }
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "The status of the event being reported in the alert.
             The alert may report the start or end of an event.
             It may also provide intermediate reports on event
             in progress."
        ::= { oisfTrap 24 }

    oisfTrapEventPriority OBJECT-TYPE
        SYNTAX     Integer32 (1..255)
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "The priority of the event being reported in this alert."
        ::= { oisfTrap 25 }

    oisfTrapSrcMACAddress OBJECT-TYPE
        SYNTAX     MacAddress
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "The 802 MAC address seen in source address part of the
             datagram carrying packet which has caused this alert."
        ::= { oisfTrap 26 }

    oisfTrapDstMACAddress OBJECT-TYPE
        SYNTAX     MacAddress
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "The 802 MAC address seen in destination address part of the
             datagram carrying packet which has caused this alert."
        ::= { oisfTrap 27 }

    oisfTrapProto OBJECT-TYPE
        SYNTAX     DisplayString(SIZE(0..128))
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
             "The traffic protocol of the attack that caused this alert"
        ::= { oisfTrap 28 }

    oisfSignatureID OBJECT-TYPE
        SYNTAX     Integer32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
             "The ID of the signature which matched the attack that caused
this alert"
        ::= { oisfTrap 29 }

    oisfSignatureRev OBJECT-TYPE
        SYNTAX     Integer32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
             "The revision of the signature which matched the attack that
caused this alert"
        ::= { oisfTrap 30 }

    oisfSignatureMsg OBJECT-TYPE
        SYNTAX     DisplayString(SIZE(0..255))
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
             "The message from the signature which matched the attack that
caused this alert"
        ::= { oisfTrap 31 }

    oisfPacketPrint OBJECT-TYPE
        SYNTAX     DisplayString(SIZE(0..255))
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
             "The hash of the invariant part of the packet that caused the
event.
             The algorithm that generated the hash is documented in
oisfSensorHashAlgorithm.
             The hash print has the following format
                 <The hash value generated by sidaSensorHashAlgorithm> ':'
                 <The length of the packet that was hashed>            ':'
                 <The TTL of the packet>
                 NULL string termination character
             The hash value is represented in hexadecimal notation."
        ::= { oisfTrap 32 }

    oisfGeneratorID OBJECT-TYPE
        SYNTAX     Integer32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
             "The ID of the generator in the source code which created the
alert."
        ::= { oisfTrap 33 }

    oisfSensorID OBJECT-TYPE
        SYNTAX     Integer32
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
             "The ID of the sensor on the IDS which saw the traffic which
created the alert."
        ::= { oisfTrap 34 }

    oisfClassification OBJECT-TYPE
        SYNTAX     DisplayString(SIZE(0..255))
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
             "The classification of the rule which caused the alert."
        ::= { oisfTrap 35 }

    oisfInterface OBJECT-TYPE
        SYNTAX     DisplayString(SIZE(0..128))
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
             "The name of the interface from which the traffic came that
caused the alert."
        ::= { oisfTrap 36 }

    oisfTrapTimeZone OBJECT-TYPE
        SYNTAX     DisplayString(SIZE(0..128))
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
             "The timezone of the IDS that caused the alert."
        ::= { oisfTrap 37 }

--
-- OISF / Product / IDS / Suricata information
--
oisfProduct       OBJECT IDENTIFIER ::= { oisf 4 }
ids               OBJECT IDENTIFIER ::= { oisfProduct 1 }
suricata          OBJECT IDENTIFIER ::= { ids 1 }

    oisfSuricataVersion OBJECT-TYPE
        SYNTAX       DisplayString (SIZE(0..25))
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
            "Version number of the Suricata software which generated the
SNMP trap"
        ::= { suricata 1 }

    oisfSuricataDescription OBJECT-TYPE
        SYNTAX       OCTET STRING (SIZE(0..1024))
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
            "Description of the Suricata software which generated the SNMP
trap"
        ::= { suricata 2 }

    oisfSuricataUptime OBJECT-TYPE
        SYNTAX       TimeStamp
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
            "Time, in seconds, since the Suricata software was invoked"
        ::= { suricata 3 }

--
-- SNMP Conformance information
--
oisfConformance OBJECT IDENTIFIER ::= { oisf 3 }
oisfCompliances OBJECT IDENTIFIER ::= { oisfConformance 1 }
oisfGroups      OBJECT IDENTIFIER ::= { oisfConformance 2 }

oisfTrapCompliance MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "The compliance statement for the SNMP entities which implement the
OISF MIB"
    MODULE
        MANDATORY-GROUPS { oisfTrapGroup, oisfIDSSuricataGroup }
    ::= { oisfCompliances 1 }

oisfTrapGroup OBJECT-GROUP
    OBJECTS {
        oisfClassification,
        oisfGeneratorID,
        oisfInterface,
        oisfPacketPrint,
        oisfSensorID,
        oisfSignatureID,
        oisfSignatureMsg,
        oisfSignatureRev,
        oisfTrapActionTaken,
        oisfTrapDstAddress,
        oisfTrapDstAddressList,
        oisfTrapDstAddressType,
        oisfTrapDstMACAddress,
        oisfTrapDstPort,
        oisfTrapDstPortList,
        oisfTrapEventPriority,
        oisfTrapEventStatus,
        oisfTrapImpact,
        oisfTrapMoreInfo,
        oisfTrapMsg,
        oisfTrapOccurences,
        oisfTrapProto,
        oisfTrapScanDuration,
        oisfTrapScanType,
        oisfTrapScanedHosts,
        oisfTrapSrcAddress,
        oisfTrapSrcAddressList,
        oisfTrapSrcAddressType,
        oisfTrapSrcMACAddress,
        oisfTrapSrcPort,
        oisfTrapSrcPortList,
        oisfTrapStartTime,
        oisfTrapTCPScanCount,
        oisfTrapTimeStamp,
        oisfTrapTimeZone,
        oisfTrapTrapID,
        oisfTrapUDPScanCount
    }
    STATUS current
    DESCRIPTION
        "The SNMP objects used to describe and dispatch the SNMP traps from
         OISF IDS software."
    ::= { oisfGroups 1 }

oisfIDSSuricataGroup OBJECT-GROUP
    OBJECTS {
        oisfSuricataDescription,
        oisfSuricataUptime,
        oisfSuricataVersion
    }
    STATUS current
    DESCRIPTION
        "The SNMP objects used to describe the OISF IDS Suricata software."
    ::= { oisfGroups 2 }

END
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20140210/e5f2d55c/attachment-0001.html>


More information about the Oisf-users mailing list