RIPE50, 2-6 May 2005 Stockholm, Sweden

Draft Plenary Agenda

Tuesday

09:00 - 10:30

Title: NTP from the IX
Speaker: Peter Lothberg, STUPI
Time: 60 minutes


Title: Anycast and BGP Stability - A Close Look at DNSMON Data
Speaker: Daniel Karrenberg, RIPE NCC
Time: 30 minutes


11:00 - 12:30

Title: DDoS Detection and Mitigation Experience using Arbor/Peakflow and Cisco/Guard
Speaker: Christian Panigl, ACONET, Vienna University
Time: 30 minutes
Abstract: Since 2001, we have been experiencing frequent and severe (D)DoS attacks towards ACOnet customers, specifically towards IRC servers hosted and operated by ACOnet customers. As those attacks more and more frequently also affected the performance of ACOnet access and core routers we saw a desperate need for proper and dynamic mitigation mechanisms, in addition to static filters.

In January 2002, at RIPE 41/EOF, during a "Tutorial on DDoS", I learned about the diversion/learning/cleaning/re-injection concept of Wanwall, which I found very interesting. The only DoS mitigation appliance available in September 2002, which was not "inline", still was the Riverhead Guard (former Wanwall). We had a very cooperative and fruitful test installation in our production environment, resulting in some development feedback, from November 2002 and decided to purchase the system in March 2003. Since then we have upgraded it twice and are still, now under the label "Cisco Guard XT", very successfully using it. This system works nicely as soon as you know which attack target (IP addresses) needs to be protected. However, as the variation of the attacks was significantly increasing in 2004, we have been looking for a complementary system for anomaly detection. We ended up with a test installation of Arbor Networks Peakflow/DoS & Traffic in September 2004, have decided to purchase it, and are now migrating to their consolidated Service Provider platform Peakflow SP/CP, which is promising to enable direct interfacing with the Cisco Guard.

This talk will give an overview of the components used and configuration options and of our operational experience, and will hopefully initiate some feedback from the audience about what everybody else is doing in this area.


Title: Watch Your Flows with NfSen and NFDUMP
Speaker: Peter Haag, SWITCH
Time: 30 minutes
Abstract: Using netflow data for network monitoring is becoming very popular. So far, only a few tools are available to process netflow data. Different tasks also need different interfaces to the data. Command line processing as well as graphical web based interfaces have their advantages. NfSen is a tool written and used by SWITCH-CERT which combines all these advantages. The goal of NfSen is to get an overview of the network status and to drill down to the individual flow level when requested. Automatic monitoring and alerting tops off this tool. NfSen is used at SWITCH-CERT to track security incidents, worms, botnets and other kinds of network events. The presentation gives an introduction to NfSen/NFDUMP and demonstrates the various fields of application to track and analyze the netflow data.

OpenSource (BSD license):
http://nfdump.sourceforge.net/ & http://nfsen.sourceforge.net/


Title: SP DOS/Worm Incident Response Methodology: Detection, Analysis, Traceback & Mitigation Techniques
Speaker: Danny McPherson, Arbor Networks
Time: 30 minutes
Abstract: With the growing frequency and magnitude of Denial of Service (DOS) attacks in today's Internet, far-reaching technical and financial implications are becoming ever more apparent. There is an array of tools and techniques that service providers are employing in order to properly identify, classify, trace back and mitigate these attacks. This talk will cover how service providers are addressing the growing trends of DOS attacks and Internet worms, including a new, global initiative taking place in which service providers are able to share attack information - scope, severity, impact - beyond network boundaries automatically.


14:00 - 15:30

Title: BGP Convergence: Characterization and Optimization
Speaker: Clarence Fils, Cisco
Time: 45 minutes
Abstract: At RIPE 47, we gave an update on the similar work we did on IGP convergence to show how sub-second IGP convergence is conservative with current technology. http://www.ripe.net/ripe/meetings/ripe-47/presentations/ripe47-routing-igp.pdf

Two SPs participated in the session to complement the technology analysis with SP experience:
http://www.ripe.net/ripe/meetings/ripe-47/presentations/ripe47-routing-fcp.pdf

http://www.ripe.net/ripe/meetings/ripe-47/presentations/ripe47-routing-isis.pdf

That IGP analysis was applicable to BGP traffic for Core Node and Link failures.

Since then, we have been focusing our effort on:

  • Convergence upon Route Reflector down/up scenario
  • Convergence upon BGP peering node down/up scenario
  • Convergence upon BGP peering link down/up scenario

This is the study I'd like to propose for the RP session at RIPE 50 (May 2005).

Like for the IGP, we have invested a lot of effort into detailed blackbox (what the end user sees) and whitebox (to understand the impact of each convergence component) analyses.

Like for the IGP, we have been doing this with two lead customers to ensure "reality" of the study. These two SPs have worldwide RFC2547 networks and while I cannot confirm their participation right now, I think it is very likely at least one of the two will agree to share their experience.


Title: OpenBGPd
Speaker: Henning Brauer, OpenBSD
Time: 30 minutes
Abstract: The talk gives a very quick overview of the BGP protocol and existing implementations and then dives into the implementation of OpenBGPD. While doing so we look at security problems in the protocol and what we did to solve or mitigate them. Attacks on the TCP sessions are briefly looked at, and we talk about using TCP MD5 signatures and IPsec to prevent those.


16:00 - 17:00

Title: Current Status of Multicast IP
Speaker: Greg Shepard, Cisco
Time: 45 minutes
Abstract: What happened to IPMulticast? Is it still alive? Where? Who's using it and why? What are their biggest challenges today? Why has it not been deployed as rapidly as we all hoped? Is the dream of global multicast deployment still alive? If so, what are the current barriers to deployment today?


Title: IPv6 Routing Table Status
Speaker: Gert Döring, SpaceNet AG
Time: 20 minutes
Abstract: An update on the current status of the IPv6 routing table.


17:00 - 18:00

NSP-SEC BOF



This page has been updated: 9 May 2005
