Chairs: Brian Trammell, Nina Bargisen
Scribe: Chris Amin
Status: Draft
Leslie Daigle, Global Cyber Alliance
The presentation is available at:
https://ripe84.ripe.net/wp-content/uploads/presentations/37-202205-GCA-MAT-WG.pdf
Leslie Daigle presented an overview of unwanted traffic on the Internet and started a discussion on how it can be mitigated.
Jen Linkova asked if the GCA is only talking about IPv4 addresses. Leslie responded that yes, the analysis is currently only on IPv4.
Niall O’Reilly asked if it would be useful to have a website with reports to allow people to check data on their own networks. Leslie said she would be happy to share data with individual operators, but that she would like to first have community agreement on this.
Gert Doering was interested to see issues in his own network. He wondered what traffic patterns could be seen in attacks.
Shane Kerr asked for a definition of an attack. Leslie said that any contact with the honey farms, aside from filtered-out scans, is considered an “attack”.
Wolfram Friele
The presentation is available at:
https://ripe84.ripe.net/wp-content/uploads/presentations/86-RIPE-Alerts-idea-1.pdf
The students from Hogeschool Utrecht explained their anomaly detection project, which provides more value to RIPE Atlas anchor hosts using anchoring measurement results.
Daniel Karrenberg commended the team for developing such a useful concept. He also asked if the feedback module used machine learning, and if so what methodology it uses. Wolfram explained that it uses feature extraction to extract information about the AS and to predict if a value is an alert or not.
Shane Kerr asked how the team managed to carry out monitoring without running out of RIPE Atlas credits, which he had struggled with in the past. The team answered that they are relying on already running anchoring measurements rather than scheduling new measurements.
Daniel Nägele
The presentation is available at:
https://ripe84.ripe.net/wp-content/uploads/presentations/46-RIPE84-MAT-Flow-Monitoring-in-bwNET-1.pdf
Daniel Nägele described flowpipeline, a tool for monitoring network flows.
There were no questions.
Robert Kisteleki, RIPE NCC
The presentation is available at:
https://ripe84.ripe.net/wp-content/uploads/presentations/26-kisteleki-MAT-WG-RIPE-84.pdf
Robert Kisteleki gave a regular update from the RIPE NCC regarding its tools.
There were no questions.
MAT Working Group Chairs
Stephen Strowes and Massimo Candela introduced themselves as the two new working group chairs, joining Nina Bargisen and replacing Brian Trammel, who ended his term as chair.