| Status of FOD | | - no changes yet
- currently 14 subscribers (NOCs)
- plans in GEANT internally to bundle FOD with an RepShield/IDS and integrate with SD => coordination with T6 of this is desirable
- test-fod: currently not connected to a router, but will be soon connected to the Cambridge Lab
- Next features to develop:
- usage functionality: support specification of src/dst port-ranges instead of list of single ports
- usage functionality: table/graph of number of pakets (vs. time) blocked per rule
- internally (management functionality): logging of user activity: e.g. for debugging
- Other missing features, having been discussed:
- IPv6: depending on JUNOS in GEANT which does not supports BGP flow spec with IPv6 for now; anyway, currently not much DDoS via IPv6 experienced
- API for automated rule proposal from Repshield in future; generally: how to derive FOD rules (ideally with src/dst addresses) from reputation scores
- Some NRENs, especially also among FOD subscribers are searching for alternative DDoS detection/mitigation solutions, e.g. from Arbor => idea: try to liase with them (invite to our DDoS DM(detection and mitigation) WG) and find out what are their requirements
- GEANT: ideas/plans to investigate about solution for washing machine from ATEN (combination with flowmon as IDS)
- => track this activity (Evangelos) and coordinate with T6 as far as possible;
- CESNET: own hardware card solution (also in cooperation with flowmon) being under development: 1st milestone planned this summer, planned to be used in CESNET for protecting universities against attacks from GN/NRENs/other upstream; idea: later-on also test this inside GEANT
|