netsec-sig - Re: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more...

Subject: Internet2 Network Security SIG

  • From: George Loftus
  • To: "Dale W. Carder"
  • Cc: "Taylor, Scott J.", "Spurling, Shannon", "D'Angelo, Cas (Samuel)", Steven Wallace, Rob Vietzke, John Moore, Caroline Weilhamer
  • Subject: Re: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more...
  • Date: Thu, 22 Oct 2015 15:35:43 +0000


It is great to see such active involvement from so many on this thread. We
appreciate all the input and appreciate Steve Wallace’s efforts in kicking
this off. We wanted you to know that we are following this thread carefully
and see it as a way to gather some input from all of you on how we, as a
community, might work to address this need. We heard from several members
at the Technology Exchange, especially during the Network Member and
Connectors BoF that this is an important issue. We have started some
preliminary talks with some vendors on potential solutions. But there is
nothing better than hearing from all of you, as we have in this thread,
about what you would like to consider as potential solutions.

- George


> On Oct 22, 2015, at 11:24 AM, Dale W. Carder wrote:
>
> Thus spake Taylor, Scott J. on Wed, Oct 21, 2015 at 02:36:46AM +0000:
>>
>> I’m starting to believe that the IU guys that are doing SCI-Flow (?) have
>> the right model for DDoS mitigation as well as expressing elephant flows.
>> Why can’t we, when we detect these attacks, program a controller to drop?
>> I’m also very curious to spend some more time with vendors on the
>> BGP-Flowspec capabilities and maybe using something like that to drop
>> traffic at our edge. Based on what we’ve seen in CT I have to believe we
>> could easily knock out the less sophisticated attacks.
>
> One of our campuses is using fastnetmon monitoring a UDP-only feed
> from a mirror port on our router. With detection in a few seconds,
> it then uses exabgp to inject a flowspec rule into our network to
> block the traffic across our AS. As far as free goes, this is pretty
> much just off the shelf.
>
> Dale
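
The detect-then-inject pipeline described in the quoted message (a detector feeding exabgp, which announces a flowspec drop rule) is sketched below as an added example; it is not code from this thread or from the campus deployment mentioned. Assumptions: the one-line `announce flow route { ... }` form of ExaBGP's text API (check it against your ExaBGP version), hypothetical `ban`/`unban` event names, a constructed `<ip> <ban|unban>` input format, and a documentation prefix standing in for the prefixes your AS originates.

```python
import ipaddress
import sys

# Constructed sample values (documentation range); replace with the prefixes your AS originates.
PROTECTED = [ipaddress.ip_network("192.0.2.0/24")]
MAX_ACTIVE = 20  # hypothetical cap: a misfiring detector must not flood routers with rules


class RuleRejected(ValueError):
    """The detection must not be turned into a flowspec rule."""


class Mitigator:
    def __init__(self, protected=PROTECTED, max_active=MAX_ACTIVE):
        self.protected, self.max_active, self.active = protected, max_active, set()

    def _rule(self, verb, addr):
        # Assumed ExaBGP text-API syntax. The match is deliberately narrow:
        # one destination host, UDP only, action discard.
        return (f"{verb} flow route {{ match {{ destination {addr}/32; "
                f"protocol udp; }} then {{ discard; }} }}")

    def handle(self, victim, action):
        """Map a detector event ('ban' or 'unban', hypothetical names) to an API line."""
        addr = ipaddress.ip_address(victim)  # ValueError on malformed input
        if addr.version != 4 or not any(addr in net for net in self.protected):
            raise RuleRejected(f"{addr} is not one of our IPv4 hosts")
        if action == "ban":
            if addr in self.active:
                return None  # already mitigated, do not re-announce
            if len(self.active) >= self.max_active:
                raise RuleRejected("active-rule cap reached; needs an operator")
            self.active.add(addr)
            return self._rule("announce", addr)
        if action == "unban":
            if addr not in self.active:
                return None  # nothing of ours to withdraw
            self.active.discard(addr)
            return self._rule("withdraw", addr)
        raise RuleRejected(f"unknown action {action!r}")


if __name__ == "__main__":
    # ExaBGP runs this as a helper process and reads commands from its stdout.
    m = Mitigator()
    for line in sys.stdin:  # constructed input format: "<ip> <ban|unban>"
        try:
            cmd = m.handle(*line.split()[:2])
        except (ValueError, TypeError) as exc:
            print(f"rejected: {exc}", file=sys.stderr)
            continue
        if cmd:
            print(cmd, flush=True)
```

The prefix check and the rule cap are the parts worth keeping in any variant: a rule injected across the whole AS for an address you do not originate, or hundreds of rules from a detector fault, is an outage you caused yourself.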


