| Time | Item | Who | Notes |
|---|
| | Firewall On Demand (FOD) | | - (info page for FOD development https://wiki.geant.org/pages/viewpage.action?pageId=63965046)
- Testing of new FOD features on FOD test machines
- goal in the upcoming weeks
- is to fully test the port range feature developed by Tomáš, as well as the graphs statistics module and REST API by GRNET,
- eventually also on the first test machine which is close to production as it is connected with the production network
- and for the first test machine it has to be investigated how the new FOD and its modules can be deployed suitable for and according to GEANT installation techniques/procedures (e.g. puppet usage)
- issue with conflict of names of graphs module still unsolved; Tomáš will investigate further
- issue with port specification: list of ports/port ranges don't work any more; Tomáš will investigate respective user input parsing code
|
| | DDoS Detection/Mitigation (D/M) WG | | - Fastnetmon testing at GARR:
- Silvia and Nino are still working at there proposal for multi-domain use of fastnetmon where fastnetmon is used at institution side and can signal to upstream for mitigation based on local decision of
- Actually they cooperate with other colleagues and also a range of users (with different operating/management requirements) in GARR to create a full POC together with them in GARR
- Silvia/Nino still may send Tangui preliminarily draft of their proposal so than Tangui can get a idea and can compare both solutions
- FlowMon DDoS Defender detection + A10 box mitigation testing
- A10 will provide a special reporting module which allows provision of statistics after the end of an attack
- The testing may check for consistency of statistics during and after attack (for later integration into extended FOD)
- Some weeks ago simple configuration change rendered FlowMon + DDoS Defender into serious crash which was not recoverable by reboot; has still to be investigated by FlowMon
- Deepfield detection + A10 box mitigation testing
- Serious bug exists which prevents Deepfield from actual DDoS detection even 20 minutes after the attack
- Some issues with the GUI exist
- Current limitation which allow only one type of mitigation action to be applied to a single subnet
- => Deepfield promised to fix these issues
- CORSA NSE7000 testing
- not yet started; but box is already in the lab
- DDoS D/M Survey:
- Poll for ddos@geant.org mailing list will end in 1-2 weeks, Evangelos will send final mail;
- Up to now 20 answers from 19 different NRENs: general evaluation of answers:
- balanced number of answers from managers, network engineers, and security engineers
- FOD is very well known to the (answering) NRENs
- Most of answering NRENs are using netflow-based DDoS detection
- GEANT-provided scrubbing center solution is desired by most of the answering NRENs (73.7%)
- Further collaboration with other NRENs desired: experience sharing (33.3%) or even common development (38.9%)
|
| | RepShield/NERD | | - Student work started which is trying to tag/classify ip addresses/hostnames according to
- their general type, e.g. VPN
- and their attack behaviour
|
| | Certificate Transparency (CT) | | As Linus and Magnus are not here today David will contact them separately about status
|
| | F2F Meeting Planning | | - New Foodle poll for F2F meeting exists, but answer may be hard if place of meeting not know (because of unclear voyage duration)
- So, first the potential locations have to be found. Candidates currently are:
- Garching near Munich (LRZ)
- Prague: possible
- Rome: possible, preferably after Summer (e.g in June, May)
- Stockholm
- Cambridge: possible
- For each of these potential location everyone should check how long travel might potentially be for she/him
|
| | Next VC | | In 4 weeks: 03.05.2017, 14:15-15:15 CE(S)T , as David is not available Wednesday in 2 weeks
|
