Date
08 Feb 2017
Attendees
- Linus Nordberg
- Magnus Ahltorp
- Silvia d'Ambrosio
- Nino Ciurleo
- Tomáš Čejka
- Václav Bartoš
- Evangelos Spatharas
- David Schmitz
Goals
- GN BPGVM (Best Practice Guide for Virtual Meetings): all, please read the BPGVM docs again and think about how the information in them may be applied to improve our task. More importantly, during this VC try to track and compare the course of the whole meeting against these BPGVM recommendations, noting anything which is good or which could be improved. At the end of the VC we will discuss your observations and review the VC accordingly.
- Status Updates of work items (FOD/SecEventProcessing/CT)
- Status of DDoS Detection/Mitigation WG
- F2F-Meeting-Planning
- Review Open Action Points from last VC(s)
- AOB
- Review of this VC regarding GN Best Practice Guide for Virtual Meetings
Discussion items
Time | Item | Who | Notes |
---|
| Status Firewall-On-Demand | | - (info page for FOD development https://wiki.geant.org/pages/viewpage.action?pageId=63965046)
- Tomáš completed the full implementation of the port range feature (GUI + NETCONF) and got it to work on the second FOD test machine.
- He also investigated and fixed a Django configuration issue on that test machine which broke the token mechanism for the REST API.
- David will now test and evaluate the API in the coming days.
- Evangelos and Tomáš investigated how to get traffic statistics from the connected router about the usage of FlowSpec rules.
- Finally, a solution using SNMP was found. Tomáš is now concentrating on implementing the statistics feedback functionality for FOD users based on this. He has already successfully used a particular Python module to gather the statistics via SNMP.
|
| Status DDoS Detection/Mitigation WG | | RadWare POC:
- The learning phase of the RadWare POC at GARR is progressing.
- It has already identified hitherto unknown DDoS attack traffic caused by insecure, hacked commercial customer devices in the network.
Fastnetmon testing at GARR:
- Nino and Silvia have solved the sampling issue by now using a supported Intel 10G network card (on the FreeBSD test machine), with the help and experience of a colleague from the University of Milano.
- They are now concentrating on white-box testing of fastnetmon, i.e. trying to understand its operation by understanding its code.
- Black-box testing, in contrast, is not easy, as really testing fastnetmon's detection capabilities would require very good and large network capture traces which contain not only the actual attack traffic but also any surrounding traffic.
- Traces containing mostly attack traffic alone are available at GARR.
- But Tomáš will send information about a DDoS booter he used for demonstration purposes at Valencia which could be used to trigger attacks on demand.
New WG VC Foodle Poll:
- The time range of the new Foodle poll for the DDoS D/M WG VC is quite wide (until the end of April).
- The plan is to find a date in the near future as soon as possible.
- So all who want to attend and have not yet filled in the poll, please do so.
DDoS D/M Survey:
- As answers from only 3 different NRENs have been received so far, it was agreed to extend the survey period for two further months and to try to invite known NOC persons to it individually.
- Tomáš will forward the invitation to the responsible person at CESNET.
- Nevertheless, Evangelos will also send the invitation to the whole APM mailing list to reach NREN personnel in general.
|
| Status RepShield | | |
| Status Certificate Transparency | | |
| F2F Meeting Planning | | |
| | | |
| Next regular T6 VC | | |
Action items