
netsec-sig - [Security-WG] I2 - Blocking Ports on the backbone?

Subject: Internet2 Network Security SIG

  • From: gcbrowni <>
  • To:
  • Subject: [Security-WG] I2 - Blocking Ports on the backbone?
  • Date: Thu, 1 Mar 2018 11:19:53 -0500

All,

memcached has raised this as a discussion item again. There had been a bit of
discussion recently as well regarding (AT&T?) declaring they just block ports
without telling folks, and then memcached came along. I believe we last
discussed this at Technology Exchange and the community came to the
conclusion that it was not something they wanted Internet2 to pursue.

This is another opportunity for us to change our minds, or discuss more.
But… I think there’s a far more interesting discussion to be had also.

We’ve spun up some documentation and tutorial sessions on Routing Security …
I wonder if we might not do the same regarding DDOS mitigations on I2?
Community-string based blocking, Flowspec, and maybe some talk of the DDOS
service … if we can do it in a way that doesn’t have a sales orientation.
Maybe something like "how to be prepared if you want to use it on a moment's
notice", or something like that.

A strong community push for Flowspec, supported by documentation and
tutorials, would seem to get us a decent way down the blocking road, as a
community, while still being a member self-service option. And, frankly,
strong support from the WG would help us prioritize resources to get it in
place.


That’s just my thoughts. Does anyone have more/different ideas or commentary?


-G

