Date

11 Jan 2017

Attendees

  • Silvia d'Ambrosio
  • Nino Ciurleo
  • Tomáš Čejka
  • Václav Bartoš
  • David Schmitz

Goals

 

  • Status Updates of work items (FOD/SecEventProcessing/CT)
  • Status of DDoS Detection/Mitigation WG
  • F2F-Meeting-Planning
  • Review Open Action Points from last VC(s)
  • AOB

Discussion items

 

Item: FOD Status

(info page for FOD development JRA2T6 Work Items / Firewall On Demand)


- Tomáš implemented the port-range feature for the new git version of FOD (with Python 2.7).
- It will be tested on the FOD test machine(s); Tomáš will provide Vagrant scripts so that his test VM/installation can be recreated identically for comparison purposes.
- Next, Tomáš is investigating the rule statistics feature (feedback to the user about usage of a rule).

Item: DDoS Detection/Mitigation WG

RadWare washing machine POC in GARR:
- started together with one GARR user institution (CNR) in December for 3 months; Nino will report on the experience later, when it is available
- currently in learning mode (link between GARR and CNR)

Fastnetmon testing at GARR:
- plan to cooperate with the University in Milano regarding the use of a 1G Intel NIC supported by fastnetmon in full capture mode (no sampling necessary)

DDoS D/M Survey:
- announcement mail sent to the NREN CERT/CSIRT mailing list by Evangelos in December (planned duration: 4 weeks)
- answers from 2 NRENs (CARNET, LITNET) so far
-> extend the duration and extend the list of recipient mailing lists (e.g. NREN NOCs):
  -> find suitable candidates
  -> discuss it with Evangelos

DDoS D/M WG VC:
- David will create a new Foodle for WG VC.
- Tomáš plans to present new CESNET DDoS detection/mitigation system (washing machine) there

TF-CSIRT meeting:
- Evangelos, Simona, Tomáš and Václav will attend the next TF-CSIRT meeting in Valencia
- Tomáš will give a hands-on tutorial for the CESNET security solutions, e.g. netflow collection, NEMEA, RepShield/NERD, Warden.

Item: RepShield/NERD Status
- fixed so that searching for network entities other than IP addresses (e.g. AS numbers) now really works
- optimization regarding DB

Item: CT status
- Currently working on the 0.10 release, basically planned for release on 2017-01-31
- Task-internal demo (user view of CT) planned for mid-Feb 2017

Item: F2F Meeting Planning
- David will create a new Foodle for it
- Maybe Tomáš can present the new CESNET DDoS detection/mitigation system (washing machine) live there.

Item: Next regular T6 VC
- Next VC: 25.01.2017, 14:15-14:45 CEST

Action items

 

  • David, Evangelos, Tomáš: test/install new version with port-range feature
  • RECURRING: all: Find further prospective mailing lists/mail addresses, e.g. NREN NOCs, to invite to the survey
  • David: Create new Foodle for next DDoS D/M WG
  • David: Create new Foodle for F2F meeting in 2017
  • all: Next regular T6 VC: 25.01.2017, 14:15-14:45 CEST