| | Summary of RepShield/NERD activity | Václav / Tomáš | - Notes for this agenda item
- https://docs.google.com/presentation/d/1krZgQarDQ23BWZt_EnCbPZZE7BRI6TOPI23kM7ig2sk/edit?usp=sharing
- ->
- RepShield should allow to search events by category, especially DDoS (for FOD)
- RepShield should receive NSHaRP events, especially ons regarding DDoS (for FOD)
- RepShield could differentiate different score values based on different time intervals (e.g. 1hour, 1week, 1month)
- open questions, especially regarding FOD rule proposal:
- How could suspect IP address effectively and accurately aggregated to prefixes for FOD rules (depending on the scalability regarding number of FlowSpec Rules in a Router)
- How could in future further information gained about suspect IP addresses by monitoring their activity with statistics of FOD ALLOW rules feed back to RepShield and its calculated score
- Is RepShield also useful for proposing firewall rules for envisioned SDN/NFV-based FwaaS (as successor of FOD) - maybe based on/being compatible with vendor solutions from, e.g., Corsa, A10, Radware; how would it have to be extended for that (also regarding feedback from FwaaS)
- In Future: RepShield Distributed, e.g., per NREN, exchanging local reputation score values (to overcome issues of legal/organizational/privacy policies)
|