About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [ncc-services-wg] Incident Response Service (IRS) [was: UnneededRIPE tasks] (fwd)

  • From: "Henk Uijterwaal (RIPE-NCC)" < >
  • Date: Mon, 25 Aug 2003 09:06:59 +0200 (CEST)
Dear Wilfried, Hank,

On Fri, 22 Aug 2003, Wilfried Woeber, UniVie/ACOnet wrote:

> >Section 5:
> >"Incident Response Service (IRS)
> >Procedures will be set up to quickly provide RIPE NCC members, the Internet
> >community and the general public with authoritative data about unusual
> >events on the Internet, such as DDoS on the RIPE NCC."

I wrote this sentence and the paragraphs before them and, with all due
respect, but I think that Hank cut away too much text here.

>   1) can we have a more elaborate description from the NCC of what
>      activities are expected to be performed under this headline?

These lines are part of a larger piece of text describing the Information
Services (IS) activity.  The goal of the IS activity is to collect
statistical data on the Internet, ranging from individual providers (for
example, RIS and TTM) via policy making groups (AP-WG on usage of
resources), the Internet community (for example: number of AS's and
prefixes seen) to the general public.

Collecting the data alone is not sufficient, of course, we also want to
make sure that the statistics we collect reaches the appropriate people in
a timely manner.

A subset of the IS activity is therefore to have procedures in place to
distribute reports on data (analysis) quickly if the need arises. It is
obviously not a goal to repeat what others are already doing quite well.
However, the RIPE NCC has data that others do not have, and this we want
to distribute.

For example, earlier this year, we published a report on the impact of the
sapphire worm on the Internet.  Another example is a recent discussion on
heise.de, on the unreachability on the .at ccTLD from the Telecom Austria
network, involving some fingerpointing.  NIC.AT already published the
plots, but this could have been another case where we'd publish our data
in order to (in)validate a claim.


>   2) is there any WG which could be polled or which has "adopted" this
>      activity for definition and development (or is expected to do so)?

As soon as the AP2004 is approved, we (Daniel K and myself) will write an
implementation document, describing the activities proposed under section
5 in more detail.  This document will be circulated to, I'd guess, the
services-WG and discussed there.

Cheers,

Henk


------------------------------------------------------------------------------
Henk Uijterwaal                             Email: henk.uijterwaal@localhost
RIPE Network Coordination Centre            WWW: http://www.ripe.net/home/henk
P.O.Box 10096          Singel 258           Phone: +31.20.5354414
1001 EB Amsterdam      1016 AB Amsterdam    Fax: +31.20.5354445
The Netherlands        The Netherlands      Mobile: +31.6.55861746
------------------------------------------------------------------------------

That problem that we weren't having yesterday, is it better? (Big ISP NOC)
  • Post To The List:
<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | Copyright Statement
RIPE.NET Homepage LIR Portal RIPE Community