netsec-sig - Re: [Security-WG] I2 - Blocking Ports on the backbone?
Subject: Internet2 Network Security SIG
List archive
- From: John Kristoff <>
- To: Steven Wallace <>
- Cc: "" <>
- Subject: Re: [Security-WG] I2 - Blocking Ports on the backbone?
- Date: Thu, 1 Mar 2018 11:24:10 -0600
- Ironport-phdr: 9a23:WCE2vxwPZU7U3bfXCy+O+j09IxM/srCxBDY+r6Qd2+gWIJqq85mqBkHD//Il1AaPAd2Araocw8Pt8InYEVQa5piAtH1QOLdtbDQizfssogo7HcSeAlf6JvO5JwYzHcBFSUM3tyrjaRsdF8nxfUDdrWOv5jAOBBr/KRB1JuPoEYLOksi7ze+/94HdbglSmDaxfa55IQmrownWqsQYm5ZpJLwryhvOrHtIeuBWyn1tKFmOgRvy5dq+8YB6/ShItP0v68BPUaPhf6QlVrNYFygpM3o05MLwqxbOSxaE62YGXWUXlhpIBBXF7A3/U5zsvCb2qvZx1S+HNsDwULs6Wymt771zRRHmiCkJKSM3/mLVhcx+lqJUrw6uqRNkzo7IYoyYLuZycr/Bcd8EQ2dKQ8ZfVzZGAoO5d4YBC+0BPeZer4LgolUOtxq+BRKwBOPoxD9IiGL90Ko40+Q9EgHLxxEvEMwWsHvOsdX1ML0eXv6ow6nV1DjOae5d1zTl6IXQbBwsoO+AUa51fMbNzEQjCR3Jg1WMpYHgIT+Zy/kBvmie4uV8Se6gkWwqpgRsrjWsyMchiozEiZkJxV/e6Cl0xZ06Kse8RUJlZ9OvDYFeuDuAN4RsR8MvW2Fotzg+yr0BoZO0ZigKx449xx7HcfCHco+I4gj/W+qLPDh3mmpld6iihxa260Sv1PDzVtSs3FZLqCpKjMXMu2gT2xHS9MSLVv5w8luk1DqRyQze6v1ILEUqmabGNpIswrs9mYYPvUvZHCL7nVj6gayYdkgk/+Wn8Pjoba/7qpKZLIB7kAXzPro2lsy6G+s4MwwOX2aB+eS70b3u5U/5QKlJjvAtj6bWrojaKt4Gpq69GQNazJss6wunAze8zNsYhWUHLE5CeB+flIjmJU3BIO3iDfe+n1StkC5nxv7JPrD6BpXNL2PDkKv6fbpj8UJcyQwzzcxB6JJODLEOPu7zVlHruNPGExA5Ll/8/+GyM8lwyI4YEV2GBquQO66a5UST+couPq+BaJJD6wzwM/w02/m7j2M6sVYddLOxm5oQcnv+Evl+KlidJ3fgn4QvC2AP6yg5TOqiq0eDSiJUaXj6C6Ag5Rk3BZqvEIOFS4yw1u/SlBynF4FbMzgVQmuHFm3lIt2J
On Thu, 1 Mar 2018 16:25:34 +0000
Steven Wallace
<>
wrote:
> Recommendation for additional Internet2 Network capabilities
> Following the advice of a small group of engineers experienced with
> Unwanted Traffic Removal Service (UTRS), Remote Triggered Black Hole
> Filtering (RTBH), and BGP FlowSpec, implement backbone support for
> all three mechanisms as-soon-as reasonable.
Note, having been the person behind the implementation and support of
UTRS at TC, most of you know I am no longer there and have nothing to
with it any longer. It is still running and I believe TC still
technically supports it, but I'm sorry to say I don't believe it has
lived up to the dream and seems unlikely to. I even ended up disabling
it here at DePaul. I'll take the blame for the lack of success and I'm
sorry to TC if this undermines the effort further, but I know I'm not
alone in this sentiment.
I know of at least one other group that was interested in trying to
recreate a version of UTRS elsewhere and I've suggested doing something
new and related, but other things have since taken over my time.
inter-AS flowspec was what I had plans to to add to UTRS next, but left
before I could safely deploy it. To relay flowspec messages successfully
and safely I would argue is not as simple as just "turning it on".
John
- [Security-WG] I2 - Blocking Ports on the backbone?, gcbrowni, 03/01/2018
- Re: [Security-WG] I2 - Blocking Ports on the backbone?, Steven Wallace, 03/01/2018
- Re: [Security-WG] I2 - Blocking Ports on the backbone?, gcbrowni, 03/01/2018
- Message not available
- Re: [Security-WG] I2 - Blocking Ports on the backbone?, John Kristoff, 03/01/2018
- RE: [Security-WG] I2 - Blocking Ports on the backbone?, Spurling, Shannon, 03/01/2018
- Re: [Security-WG] I2 - Blocking Ports on the backbone?, Chris Wopat, 03/01/2018
- Re: [Security-WG] I2 - Blocking Ports on the backbone?, Steven Wallace, 03/01/2018
- Re: [Security-WG] I2 - Blocking Ports on the backbone?, Steven Wallace, 03/01/2018
- Re: [Security-WG] I2 - Blocking Ports on the backbone?, Steven Wallace, 03/01/2018
- Re: [Security-WG] I2 - Blocking Ports on the backbone?, Chris Wopat, 03/01/2018
- RE: [Security-WG] I2 - Blocking Ports on the backbone?, Spurling, Shannon, 03/01/2018
- Re: [Security-WG] I2 - Blocking Ports on the backbone?, John Kristoff, 03/01/2018
- Re: [Security-WG] I2 - Blocking Ports on the backbone?, Steven Wallace, 03/01/2018
Archive powered by MHonArc 2.6.19.