Date

08 Feb 2017

Attendees

  • Linus Nordberg
  • Magnus Ahltorp
  • Silvia d'Ambrosio
  • Nino Ciurleo
  • Tomáš Čejka
  • Václav Bartoš
  • Evangelos Spatharas
  • David Schmitz

Goals

  • GN BPGVM (Best Practice Guide for Virtual Meetings): all, please read the BPGVM docs again and think about how the information in them may be applied to improve our task. More importantly, during this VC try to track and compare the course of the whole meeting against these BPGVM recommendations, noting anything that is good or that could be improved. At the end of the VC we will discuss your observations and review the VC accordingly.
  • Status Updates of work items (FOD/SecEventProcessing/CT)
  • Status of DDoS Detection/Mitigation WG
  • F2F-Meeting-Planning
  • Review Open Action Points from last VC(s)
  • AOB
  • Review of this VC regarding GN Best Practice Guide for Virtual Meetings

Discussion items

Time | Item | Who | Notes
 Status Firewall-On-Demand 
  • (info page for FOD development https://wiki.geant.org/pages/viewpage.action?pageId=63965046)
  • Tomáš completed the full implementation of the port range feature (GUI + NETCONF) and got it to work on the second FOD test machine.
  • He also investigated and fixed a Django configuration issue on that test machine which broke the token mechanism for the REST API.
  • David will now test and evaluate the API over the next few days.
  • Evangelos and Tomáš investigated how to get traffic statistics from the connected router about the usage of FlowSpec rules.
  • Finally, a solution using SNMP was found. Tomáš is now concentrating on implementing the statistics feedback functionality for FOD users based on this. He has already successfully used a particular Python module to gather the statistics via SNMP.
 Status DDoS Detection/Mitigation WG

RadWare POC:
  • The learning phase of the RadWare POC at GARR is progressing.
  • It has already identified hitherto unknown DDoS attack traffic caused by insecure, hacked commercial customer devices in the network.

Fastnetmon testing at GARR:
  • Nino and Silvia have solved the sampling issue by switching to a supported Intel 10G network card (on the FreeBSD test machine), with the help and experience of a colleague from the University of Milano.
  • They are now concentrating on white-box testing of fastnetmon, i.e. trying to understand its operation by understanding its code.
  • Black-box testing, in contrast, is not easy, as it would require very good and large network capture traces which contain not only the actual attack traffic but also any surrounding traffic, in order to really test fastnetmon's detection capabilities.
  • Traces containing mostly attack traffic alone are available at GARR.
  • But Tomáš will send information about a DDoS booter he used for demonstration purposes at Valencia, which could be used to trigger attacks on demand.

New WG VC Foodle Poll:
  • The time range of the new Foodle poll for the DDoS D/M WG VC is quite wide (until the end of April).
  • The plan is to find a date in the near future, as soon as possible.
  • So, please, all who want to attend and have not yet filled in the poll, fill it in.

DDoS D/M Survey:
  • As answers from only 3 different NRENs have been received so far, it was agreed to extend the survey period for two further months and to try to invite known NOC persons to it individually.
  • Tomáš will forward the invitation to the responsible person at CESNET.
  • Nevertheless, Evangelos will also send the invitation to the whole APM mailing list to reach NREN personnel in general.
 Status RepShield 
  • Optimizations in DB for much faster searching of events
  • updated vagrant file for test VM set-up
  • support for periodic update of blacklists (also regarding config)
 Status Certificate Transparency

CT server:
  • Currently working on the 0.10 release (Performance/Correctness testing for it is in progress)
  • It is expected to be ready today, 08.02.
  • For the future, the use of GTS may be investigated, especially for continuously performed regression tests.
  • David will send Linus/Magnus some links regarding netem/Linux tc (for injecting network errors for test purposes: delay, jitter, loss, duplication), which may be used for regression and robustness testing, especially in combination with GTS.

Task-internal Demo/Presentation (user view of CT):
  • After the release, work will concentrate on the planned task-internal demo/presentation,
  • starting with the definition of use-cases/user-stories (in text form at first) to demonstrate, e.g., how web browser users/CAs/domain owners use and profit from CT.

Gossip Draft:
  • The Gossip IETF draft passed its last call and is now waiting for next IESG meeting.
 F2F Meeting Planning 

A new Foodle poll for the F2F meeting exists, but answering may be hard if the place of the meeting is not known (because of the travel duration). Please, all who have not yet done so, fill in that poll.

David will resend the links to the poll.
(Maybe Tomáš can present the new CESNET DDoS detection/mitigation system (washing machine) live there.)

 GN Best Practice Guide for Virtual Meetings - Review of this VC results:
  • The proposed meeting time in the agenda is quite short, so the (maximum) expected time should be extended in future.
  • Other than that, all recommendations of the BPG are already in place and no improvements are necessary.
  • Moreover, the T6 regular VC is mainly for status updates and only for a small group of people, who also work in different areas. So, it normally does not require long discussions.
  • An overly formal set of rules to follow for that kind of VC is not really necessary.
 Next regular T6 VC
  • In 2 weeks: 22.02.2017, 14:15-15:15 CET

Action items

  • David: test and evaluate FOD REST API
  • Evangelos: send survey invitation to APM mailing list
  • Tomáš: send invitation to survey to CESNET colleague
  • Tomáš: send information about booter to Nino/Silvia
  • Linus/Magnus: use-cases/user-stories in text form for CT usage
  • David: send links about netem/linux tc to Linus/Magnus
  • all interested in DDoS D/M WG: fill in the Foodle poll
  • F2F Meeting Planning: fill in the Foodle poll
  • all: Next regular T6 VC: 04.01.2017, 14:15-15:15 CE(S)T