Date

Attendees

Goals

  • Status Updates of work items (FoD/RepShield), especially:
        • FoD v1.6 pilot
            • extended FoD rule concept / FRU and RepShield:
                  • FoD rules: add taglist attribute for grouping, e.g. NSHaRP proposal for a single NSHaRP event
                  • Proposed FoD rules: possible for users to delete them
                  • user settings regarding rule proposal
            • Deliverable
            • Unparseable format of NSHARP mail reports
            • DeIC FoD Installation -> recommendations based on DeIC's experiences
  • Review Open Action Points from last VC(s)
  • AOB
      • PSNC FoD Installation Issue
      • ACONET FoD EDUgain issue

Discussion items

TimeItemWhoNotes

Firewall On Demand (FoD)
  • (info page for FoD development https://wiki.geant.org/pages/viewpage.action?pageId=63965046)
  • FoD v1.5 = FoD with new functionalities: rule range specification, current rule behaviour statistic graphs, multi-tenant rule control REST-API
  • FoD v1.6 = FoD with automated rule proposal from RepShield
  • FoD v1.5 production
  • FoD v1.6 development
          • questions from reviewers for pilot report deliverable have been addressed
          • Tomáš investigating libraries to realize adequately grouped/filtered display of events proposed for a same DDoS event as well as based on arbitrary, user-specified tags
          • FoD demo/presentation for SIGNoC meeting successful
  • Warden collector FlowMon2IDEA script on test FlowMon machine updated to new version provided by CESNET
  • Issue of changed NSHaRP event email reports
  • Evangelos will check status of ACONET's issue of accessing FoD in combination with EDUgain: Evangelos will arrange VC with GEANT T+I experts
  • TODO: Investigation of how to use FlowMon DDoS Defender events from production Flowmon for testing Warden (still in progress)

DDoS Detection/Mitigation (D/M) WG

GARR DDoS D/M PoCs/Testing Framework

      • The results of PoCs successfully presented in SIG NOC meeting
      • White paper writing/updating in progress

Next VC

In 2 weeks: 12.12.2018, 14:15-15:15 CE(S)T

Action items

  • Evangelos/David: check status of ACONET's issue of accessing FoD in combination with EDUgain
  • Evangelos/Václav: install new Warden collector FlowMon2IDEA script on test FlowMon machine updated to new version provided by CESNET
  • Evangelos/David: investigate issue of changed NSHaRP event email reports
  • David: Investigation of how to use FlowMon DDoS Defender events from production Flowmon for testing Warden (still in progress)
  • David: test DDos testing tool provided by Tomáš
  • all: next regular T6 VC: 12.12.2018, 14:15-15:15 CE(S)T


  • No labels