
Date

Attendees

  • Simona Venuti
  • Tomáš Čejka
  • Linus Nordberg
  • Magnus Ahltorp
  • David Schmitz

Goals

  • Discuss the future start time of the regular task meeting (maybe 14:10 or 14:15 CET?)
  • Refocus of current development activities
  • Discuss "GN Best Practice Guide for Virtual Meetings" and Team Communication Plan (TCP) concept (see attached documents)
  • Status Updates of work items (FOD/SecEventProcessing/CT)
  • Status of DDoS Detection/Mitigation WG
  • F2F-Meeting-Planning
  • Review Open Action Points from last VC(s)
  • AOB

     

     

Discussion items

Time | Item | Who | Notes
 Start of meeting time in future 
  • As it suits Silvia, Nino and Marco better, it was agreed that in future our regular T6 VCs will start 15 minutes later, i.e. at 14:15 CET
  • Anyone who has a problem with this should please say so
 Refocusing of current development in JRA2T6 in upcoming months 
  • It was decided with Jerry that in the upcoming months the development activities (except CT development) have to be refocused on FOD, i.e. on making tangible progress on features in FOD which directly contribute to visible, useful functionality
  • These features/functionalities are (ordered by priority, highest priority first):

    1. REST API for rule creation/change/deletion (in the new version on GitHub): get it running and tested, and enhance it if needed

    2. Replace the current NETCONF communication to the routers by direct BGP (e.g. using exabgp)

    3. Rule statistics monitoring: visualize how many packets an active rule is actually dropping/rate-limiting, to enable a FOD user (= NREN NOC member) to see the effect of a rule over time (e.g. to answer: when did a mitigated attack actually stop?)

    4. Implement logging of FOD user activities, i.e. rules created/changed/deleted, especially regarding the automated rule change (1.)

  • David created an initial wiki page for FOD development information, which currently only contains the link to the (new) GitHub version: JRA2T6 Work Items / Firewall On Demand

  • Tomas agreed that he and Vaclav will provide development manpower in the next months, to help get the new FOD version running and tested and to help implement the needed features

  • For this, David will liaise with Evangelos to get ssh accounts for Tomas and Vaclav on FOD testing machines (both will provide ssh keys for this purpose)

  • The first goals are to get to know the FOD code and installation (of the new version) and then to test its REST API

 Status of FOD 
  • No progress on the attempt to get the old FOD running with python2.7 on the second testing machine
 Status of RepShield/NERD 

Status of RepShield development (Václav) 

  • Reimplemented user database (this was necessary to allow implementation of API)
  • Installed and started to learn to work with Postgres. The user database is now implemented in it, and it is planned to use it for other parts of NERD in the future as well.
  • A few minor tweaks and bugfixes

The CERT of a local ISP/data center has started to use NERD in production (Tomáš)

  • They like it and use it as a query interface for abuse handling (e.g. spam handling, infected servers), which was previously done only via e-mail
  • Idea: learn from their experience with regard to proposing DDoS mitigation rules for FOD

Tomáš attended the CNSM2016 conference, where NEMEA and an evidence-capture monitoring probe (developed in hardware by CESNET) for realizing a DDoS washing machine by CESNET were discussed, along with ideas on how to continue research in this area.

Tomáš has already proposed to give a presentation of this DDoS detection/mitigation system in the next DDoS D/M WG VC, maybe next week on Wednesday; this still has to be planned.

 

 Status of DDoS detection/mitigation WG 

Testing fastnetmon by Nino

  • Already mirroring GARR netflow data to fastnetmon
  • Exporter parameters (of the production routers) still have to be tuned; a method for this that does not affect production is being investigated
  • Nino will provide first intermediate testing results of fastnetmon on the wiki in fastnetmon testing

DDoS Survey

  • David will ask Evangelos how to distribute the survey in a coordinated and polite way to the mailing lists provided by Simona (maybe ask Nicole Harris)
 Status of CT 
  • The release plan will be updated in Jira: there will be two releases, v0.9 and v1.0alpha, before the end of the year
  • DFN-CERT installed the unofficial v0.9: provided info and feedback
  • Bootstrapping of trust via VCs and PGP keys (Web of Trust) is done, for future key/configuration distribution
 

"GN Best Practice Guide for Virtual Meetings" and

"Team Communication Plan (TCP)"

 
  • Everyone may check the respective documents (attached to the mails of the invitation to this meeting and the mail informing about these notes) and think about how we may use the recommendations to improve our future meetings and the task communication in general
 Next regular T6 VC 
  • In 4 weeks, as in 2 weeks David is at another GN meeting, i.e. 14.12.2016, 14:15-14:45 CE(S)T

  • David will individually contact all members about status before this one, in 2 weeks

Action items

  • all: Next regular T6 VC: 14.12.2016, 14:15-14:45 CE(S)T