Versions Compared

Old Version 1

changes.mady.by.user David Schmitz

Saved on

compared with

New Version 2

changes.mady.by.user David Schmitz

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Date

22 Feb 2017

Attendees

  • Silvia d'Ambrosio
  • Nino Ciurleo
  • Tomáš Čejka
  • Václav Bartoš
  • Evangelos Spatharas
  • Jerry Sobieski

  • David Schmitz

Goals

  • Summary of RepShield/NERD activity (by Václav / Tomáš)
  • Status Updates of work items (FOD/CT)
  • Status of DDoS Detection/Mitigation WG
  • F2F-Meeting-Planning: Discussing potential locations
  • Review Open Action Points from last VC(s)
  • AOB

Discussion items

TimeItemWhoNotes
 
  • https://docs.google.com/presentation/d/1krZgQarDQ23BWZt_EnCbPZZE7BRI6TOPI23kM7ig2sk/edit?usp=sharing
  • ->
      • RepShield should allow to search events by category, especially DDoS (for FOD)
      • RepShield should receive NSHaRP events, especially ons regarding DDoS (for FOD)
      • RepShield could differentiate different score values based on different time intervals (e.g. 1hour, 1week, 1month)
      • open questions, especially regarding FOD rule proposal:
          • How could suspect IP address effectively and accurately aggregated to prefixes for FOD rules (depending on the scalability regarding number of FlowSpec Rules in a Router)
          • How could in future further information gained about suspect IP addresses by monitoring their activity with statistics of FOD ALLOW rules feed back to RepShield and its calculated score
          • Is RepShield also useful for proposing firewall rules for envisioned SDN/NFV-based FwaaS (as successor of FOD) - maybe based on/being compatible with vendor solutions from, e.g., Corsa, A10, Radware; how would it have to be extended for that (also regarding feedback from FwaaS)
          • In Future: RepShield Distributed, e.g., per NREN, exchanging local reputation score values (to overcome issues of legal/organizational/privacy policies)
    

Action items

  •