is to fully test the port range feature developed by Tomáš, as well as the graphs statistics module and REST API by GRNET,
eventually also on the first test machine which is close to production as it is connected with the production network
and for the first test machine it has to be investigated how the new FOD and its modules can be deployed in a way that is suitable for and follows GEANT installation techniques/procedures (e.g. Puppet usage)
issue with the name conflict of the graphs module is still unsolved; Tomáš will investigate further
issue with port specification: lists of ports/port ranges no longer work; Tomáš will investigate the respective user input parsing code
DDoS Detection/Mitigation (D/M) WG
Fastnetmon testing at GARR:
Silvia and Nino are still working on their proposal for multi-domain use of fastnetmon, where fastnetmon is used at institution side and can signal to upstream for mitigation based on local decision of
They are cooperating with other colleagues and also a range of users (with different operating/management requirements) in GARR to create a full POC together with them in GARR
Silvia/Nino may still send Tangui a preliminary draft of their proposal so that Tangui can get an idea and compare both solutions
A10 will provide a special reporting module which allows provision of statistics after the end of an attack
The testing may check for consistency of statistics during and after attack (for later integration into extended FOD)
Some weeks ago a simple configuration change sent FlowMon + DDoS Defender into a serious crash which was not recoverable by reboot; this still has to be investigated by FlowMon
Deepfield detection + A10 box mitigation testing
A serious bug exists which prevents Deepfield from actually detecting a DDoS even 20 minutes after the attack
Some issues with the GUI exist
A current limitation allows only one type of mitigation action to be applied to a single subnet
=> Deepfield promised to fix these issues
CORSA NSE7000 testing
not yet started; but box is already in the lab
DDoS D/M Survey:
Poll for ddos@geant.org mailing list will end in 1-2 weeks; Evangelos will send a final mail
Up to now 20 answers from 19 different NRENs; general evaluation of answers:
balanced number of answers from managers, network engineers, and security engineers
FOD is very well known to the (answering) NRENs
Most of the answering NRENs are using netflow-based DDoS detection
GEANT-provided scrubbing center solution is desired by most of the answering NRENs (73.7%)
Further collaboration with other NRENs desired: experience sharing (33.3%) or even common development (38.9%)
RepShield/NERD
Student work has started which is trying to tag/classify IP addresses/hostnames according to
their general type, e.g. VPN
and their attack behaviour
Certificate Transparency (CT)
As Linus and Magnus are not here today, David will contact them separately about the status
F2F Meeting Planning
A new Foodle poll for the F2F meeting exists, but answering may be hard if the place of the meeting is not known (because of unclear travel duration)
So, first the potential locations have to be found. Candidates currently are:
Garching near Munich (LRZ)
Prague: possible
Rome: possible, preferably after Summer (e.g. in June, May)
Stockholm
Cambridge: possible
For each of these potential locations everyone should check how long travel might be for her/him
Next VC
In 4 weeks: 03.05.2017, 14:15-15:15 CE(S)T, as David is not available on Wednesday in 2 weeks
Action items
David/Evangelos/Tomáš: get the graphs plugin for FOD from GRNET running
Silvia/Nino: send Tangui preliminary slides about fastnetmon proposal draft
Silvia/Nino: provide proposal about multi-domain usage scenario for fastnetmon in wiki (e.g., at or below DDoS Detection/Mitigation WG File Area)
Silvia/Nino: if possible, provide some summary in wiki about Radware POC (e.g., at or below DDoS Detection/Mitigation WG File Area)