You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 2
Next »
Date
05 Apr 2017
Attendees
Goals
- Status Updates of work items (FOD/CT)
- Status of DDoS Detection/Mitigation WG
- F2F-Meeting-Planning: Discussing potential locations
- Review Open Action Points from last VC(s)
- AOB
Discussion items
Time | Item | Who | Notes |
---|
| Firewall On Demand (FOD) | | - (info page for FOD development https://wiki.geant.org/pages/viewpage.action?pageId=63965046)
- Testing of new FOD features on FOD test machines
- goal in the upcoming weeks
- is to fully test the port range feature developed by Tomáš, as well as the graphs statistics module and REST API by GRNET,
- eventually also on the first test machine which is close to production as it is connected with the production network
- and for the first test machine it has to be investigated how the new FOD and its modules can be deployed suitable for and according to GEANT installation techniques/procedures (e.g. puppet usage)
- issue with conflict of names of graphs module still unsolved; Tomáš will investigate further
- issue with port specification: list of ports/port ranges don't work any more; Tomáš will investigate respective user input parsing code
|
| DDoS Detection/Mitigation (D/M) WG | | - Fastnetmon testing at GARR:
- Silvia and Nino are still working at there proposal for multi-domain use of fastnetmon where fastnetmon is used at institution side and can signal to upstream for mitigation based on local decision of
- Actually they cooperate with other colleagues and also a range of users (with different operating/management requirements) in GARR to create a full POC together with them in GARR
- Silvia/Nino still may send Tangui preliminarily draft of their proposal so than Tangui can get a idea and can compare both solutions
- FlowMon DDoS Defender detection + A10 box mitigation testing
- A10 will provide a special reporting module which allows provision of statistics after the end of an attack
- The testing may check for consistency of statistics during and after attack (for later integration into extended FOD)
- Some weeks ago simple configuration change rendered FlowMon + DDoS Defender into serious crash which was not recoverable by reboot; has still to be investigated by FlowMon
- Deepfield detection + A10 box mitigation testing
- Serious bug exists which prevents deepfield from actual DDoS detection even 20 minutes after the attack
- Some issues with the GUI exist
- Current limitation which allow only one type of mitigation action to be applied to a simple subnet
- => Deepfield promised to fix these issues
- CORSA NSE testing
- not yet started; but box is already in the lab
- DDoS D/M Survey:
- Poll for ddos@geant.org mailinglist will end in 1-2 weeks, Evangelos will send final mail;
- Up to now 20 answers from 19 different NRENs: general evaluation of answers:
- balanced number of answers from managers, network engineers, and security engineers
- FOD is is very well known to the (answering) NRENs
- Most of answering NRENs are using netflow-based DDoS detection
- GEANT-provided scrubbing center solution is desired by most of the answering NRENs (73.7%)
- Further collaboration with other NRENs desired: experience sharing (33.3%) or even common development (38.9%)
|
| RepShield/NERD | | - Student work started which is trying to tag/classify ip addresses/hostnames according to
- their general type, e.g. VPN
- and their attack behaviour
|
| Certificate Transparency (CT) | | As Linus and Magnus are not here today David will contact them separately about status
|
| F2F Meeting Planning | | - New Foodle poll for F2F meeting exists, but answer may be hard if place of meeting not know (because of unclear voyage duration)
- So, first the potential locations have to be found. Candidates currently are:
- Garching near Munich (LRZ)
- Prague: possible
- Rome: possible, preferably after Summer (e.g in June, May)
- Stockholm
- Cambridge: possible
- For each of these potential location everyone should check how long travel might potentially be for she/him
|
| Next VC | | In 4 weeks: 03.06.2017, 14:15-15:15 CE(S)T
|
Action items
- David/Evangelos/Tomáš: get plugin for graphs in FOD from GRNET running
- Silvia/Nino: sent Tangui preliminary slides about fastnetmon proposal draft
- Silvia/Nino: provide proposal about multi-domain usage scenario for fastnetmon in wiki (e.g., at or below DDoS Detection/Mitigation WG File Area)
- Silvia/Nino: if possible, provide some summary in wiki about Radware POC (e.g., at or below DDoS Detection/Mitigation WG File Area)
- all: think about potential new candidate NOC mailing lists for DDoS survey extension (URL of survey https://docs.google.com/forms/d/e/1FAIpQLSeY0tVy43S7W4Z65s2j1O73IxBNuZwV6fSWWGZWOat3TXqWYw/viewform?c=0&w=1&usp=mail_form_link)
- Linus/Magnus/David: internal presentation for CT use cases/service
- all interested in DDoS D/M WG: fill new foodle
- all: think about location and possibility to host F2F meeting
- all: Next regular T6 VC: 03.06.2017, 14:15-15:15 CE(S)T