MAT Working Group Minutes - RIPE 84

Chairs: Brian Trammell, Nina Bargisen 
Scribe: Chris Amin
Status: Draft

1. Data, Data Everywhere, And Now We Stop to Think

Leslie Daigle, Global Cyber Alliance

The presentation is available at:
https://ripe84.ripe.net/wp-content/uploads/presentations/37-202205-GCA-MAT-WG.pdf

Leslie Daigle presented an overview of unwanted traffic on the Internet and started a discussion on how it can be mitigated.

Jen Linkova asked if the GCA is only talking about IPv4 addresses. Leslie responded that yes, the analysis is currently only on IPv4.

Niall O’Reilly asked if it would be useful to have a website with reports to allow people to check data on their own networks. Leslie said she would be happy to share data with individual operators, but that she would like to first have community agreement on this.

Gert Doering was interested to see issues in his own network. He wondered what traffic patterns could be seen in attacks.

Shane Kerr asked for a definition of an attack. Leslie said that any contact with the honey farms, aside from filtered-out scans, is considered an “attack”.

2. Anomaly Alerting for RIPE Atlas

Wolfram Friele

The presentation is available at:
https://ripe84.ripe.net/wp-content/uploads/presentations/86-RIPE-Alerts-idea-1.pdf

The students from Hogeschool Utrecht explained their anomaly detection project, which provides more value to RIPE Atlas anchor hosts using anchoring measurement results.

Daniel Karrenberg commended the team for developing such a useful concept. He also asked if the feedback module used machine learning, and if so what methodology it uses. Wolfram explained that it uses feature extraction to extract information about the AS and to predict if a value is an alert or not.

Shane Kerr asked how the team managed to carry out monitoring without running out of RIPE Atlas credits, which he had struggled with in the past. The team answered that they are relying on already running anchoring measurements rather than scheduling new measurements.

3. Flow Monitoring in bwNet

Daniel Nägele

The presentation is available at:
https://ripe84.ripe.net/wp-content/uploads/presentations/46-RIPE84-MAT-Flow-Monitoring-in-bwNET-1.pdf

Daniel Nägele described flowpipeline, a tool for monitoring network flows.

There were no questions.

4. RIPE NCC Tools Update

Robert Kisteleki, RIPE NCC

The presentation is available at:
https://ripe84.ripe.net/wp-content/uploads/presentations/26-kisteleki-MAT-WG-RIPE-84.pdf

Robert Kisteleki gave a regular update from the RIPE NCC regarding its tools.

There were no questions.

5. Co-Chair Welcome and Farewell

MAT Working Group Chairs

Stephen Strowes and Massimo Candela introduced themselves as the two new working group chairs, joining Nina Bargisen and replacing Brian Trammel, who ended his term as chair.

RIPE Forum

The RIPE Forum is an additional way to participate in RIPE community mailing list discussions using a web-based interface rather than an email client.

Check out the forum