| Status DDoS Detection/Mitigation WG | | RadWare POC:
- The learning phase of the RadWare POC at GARR is progressing.
- It has already identified hitherto unknown DDoS attack traffic caused by insecure, hacked commercial customer devices in the network.
Fastnetmon testing at GARR:
- Nino and Silvia have solved the sampling issue by now using a supported Intel 10G network card (on the FreeBSD test machine), with the help and experience of a colleague from the University of Milano.
- They are now concentrating on white-box testing of fastnetmon, i.e. trying to understand its operation by understanding its code.
- Black-box testing, by contrast, is not easy: to really test fastnetmon's detection capabilities, it would require very good and large network capture traces that contain not only the actual attack traffic but also the surrounding traffic.
- Traces containing mostly attack traffic alone are available at GARR.
- But Tomáš will send information about a DDoS booter he used for demonstration purposes in Valencia, which could be used to trigger attacks on demand.
New WG VC Foodle Poll:
- The time range of the new Foodle poll for the DDoS D/M WG VC is quite wide (until the end of April).
- The plan is to find a date in the near future, as soon as possible.
- So, please, all who want to attend and have not yet filled in the poll, fill it in.
DDoS D/M Survey:
- As answers from only 3 different NRENs have been received so far, it was agreed to extend the survey period for two further months and to try to invite known NOC persons to it individually.
- Tomáš will forward the invitation to the responsible person at CESNET.
- Nevertheless, Evangelos will also send the invitation to the whole APM mailing list to reach NREN personnel in general.
|