You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Date

 

05 Apr 2017

Attendees

Goals

  • Status Updates of work items (FOD/CT)
  • Status of DDoS Detection/Mitigation WG
  • F2F-Meeting-Planning: Discussing potential locations
  • Review Open Action Points from last VC(s)
  • AOB

Discussion items

TimeItemWhoNotes
 Firewall On Demand (FOD) 
  • (info page for FOD development https://wiki.geant.org/pages/viewpage.action?pageId=63965046)
  • Testing of new FOD features on FOD test machines
    • goal in the upcoming weeks
      • is to fully test the port range feature developed by Tomáš, as well as the graphs statistics module and REST API by GRNET,
      • eventually also on the first test machine which is close to production as it is connected with the production network
      • and for the first test machine it has to be investigated how the new FOD and its modules can be deployed suitable for and according to GEANT installation techniques/procedures (e.g. puppet usage)
    • issue with conflict of names of graphs module still unsolved; Tomáš will investigate further
    • issue with port specification: list of ports/port ranges don't work any more; Tomáš will investigate respective user input parsing code
 DDoS Detection/Mitigation (D/M) WG 
  • Fastnetmon testing at GARR:
    • Silvia and Nino are still working at there proposal for multi-domain use of fastnetmon where fastnetmon is used at institution side and can signal to upstream for mitigation based on local decision of
    • Actually they cooperate with other colleagues and also a range of users (with different operating/management requirements) in GARR to create a full POC together with them in GARR
    • Silvia/Nino still may send Tangui preliminarily draft of their proposal so than Tangui can get a idea and can compare both solutions
  • FlowMon DDoS Defender detection + A10 box mitigation testing
    • A10 will provide a special reporting module which allows provision of statistics after the end of an attack
    • The testing may check for consistency of statistics during and after attack (for later integration into extended FOD)
    • Some weeks ago simple configuration change rendered FlowMon + DDoS Defender into serious crash which was not recoverable by reboot; has still to be investigated by FlowMon
  • Deepfield detection + A10 box mitigation testing
    • Serious bug exists which prevents Deepfield from actual DDoS detection even 20 minutes after the attack
    • Some issues with the GUI exist
    • Current limitation which allow only one type of mitigation action to be applied to a simple subnet
    • => Deepfield promised to fix these issues
  • CORSA NSE testing
    • not yet started; but box is already in the lab
  • DDoS D/M Survey:
    • Poll for ddos@geant.org mailinglist will end in 1-2 weeks, Evangelos will send final mail;
    • Up to now 20 answers from 19 different NRENs: general evaluation of answers:
      • balanced number of answers from managers, network engineers, and security engineers
      • FOD is is very well known to the (answering) NRENs
      • Most of answering NRENs are using netflow-based DDoS detection
      • GEANT-provided scrubbing center solution is desired by most of the answering NRENs (73.7%)
      • Further collaboration with other NRENs desired: experience sharing (33.3%) or even common development (38.9%)
 RepShield/NERD 
  • Student work started which is trying to tag/classify ip addresses/hostnames according to
        • their general type, e.g. VPN
        • and their attack behaviour
 Certificate Transparency (CT) 

As Linus and Magnus are not here today David will contact them separately about status

 F2F Meeting Planning 
  • New Foodle poll for F2F meeting exists, but answer may be hard if place of meeting not know (because of unclear voyage duration)
  • So, first the potential locations have to be found. Candidates currently are:
        • Garching near Munich (LRZ)
        • Prague: possible
        • Rome: possible, preferably after Summer (e.g in June, May)
        • Stockholm
        • Cambridge: possible
  • For each of these potential location everyone should check how long travel might potentially be for she/him
 Next VC 

In 4 weeks: 03.06.2017, 14:15-15:15 CE(S)T

Action items

  • David: discuss with Evangelos about suitable new candidate NOC mailing lists for DDoS survey extension
  • all: think about potential new candidate NOC mailing lists for DDoS survey extension
  • Linus, Magnus: start to think about/prepare CT demo
  • all interested in DDoS D/M WG: fill new foodle
  • all: Next regular T6 VC: 04.01.2017, 14:15-14:45 CE(S)T
  • David/Evangelos/Tomáš: get plugin for graphs in FOD from GRNET running
  • Silvia/Nino: sent Tangui preliminary slides about fastnetmon proposal draft
  • Silvia/Nino: provide proposal about multi-domain usage scenario for fastnetmon in wiki (e.g., at or below DDoS Detection/Mitigation WG File Area)
  • Silvia/Nino: if possible, provide some summary in wiki about Radware POC (e.g., at or below DDoS Detection/Mitigation WG File Area)
  • all: think about potential new candidate NOC mailing lists for DDoS survey extension (URL of survey https://docs.google.com/forms/d/e/1FAIpQLSeY0tVy43S7W4Z65s2j1O73IxBNuZwV6fSWWGZWOat3TXqWYw/viewform?c=0&w=1&usp=mail_form_link)
  • Linus/Magnus/David: internal presentation for CT use cases/service
  • all interested in DDoS D/M WG: fill new foodle
  • all: think about location and possibility to host F2F meeting
  • all: Next regular T6 VC: 03.06.2017, 14:15-15:15 CE(S)T

 

  • No labels