netsec-sig - Re: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?
Subject: Internet2 Network Security SIG
List archive
Re: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?
Chronological Thread
- From: "James Deaton" <>
- Cc:
- Subject: Re: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?
- Date: Tue, 20 Nov 2018 13:01:27 -0600
- Ironport-phdr: 9a23:m8oDihZ9d3H0uDl5FV7En6L/LSx+4OfEezUN459isYplN5qZr8q4bnLW6fgltlLVR4KTs6sC17KG9fi4EUU7or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRpOOv1BpTSj8Oq3Oyu5pHfeQpFiCa+bL9oMBm6sRjau9ULj4dlNqs/0AbCrGFSe+RRy2NoJFaTkAj568yt4pNt8Dletuw4+cJYXqr0Y6o3TbpDDDQ7KG81/9HktQPCTQSU+HQRVHgdnwdSDAjE6BH6WYrxsjf/u+Fg1iSWIdH6QLYpUjSn7qdrUwToiCYBNz427WrZlNV+h79VoBKguRN/x5Pba5yROPdwYq/ReNUXTndDUMlMTSxMGoyzYYwBAeQCP+lYoYj9qVsToxSiHgSjHv/jxyVSi3LswaE30eIsGhzG0gw6GNIOtWzZoNvxOqgIVOC60rLIxijNYfxIwzj99I/IchYvrfqRWr9wc9TexlQ0GgPKlFWft5bqPy+N1uQJqWeb7uxgVfm1h24htQ5xviGiy8ExgYfHgYIVz0rL9SR/wIstJt23Vkh7YcKlEJtTrS2VK4x2QsYkTmp1uyg60qULtYC6cSQWypkqwhDfZv+cfISU5x/uW+WcLDZ3iX9gZr6zmxO//E2jx+DyV8S4yEtGoyhKn9XWt30A1Qbf58iJR/dn8EqtwTaC2x7J5uxGP0w4j7TXJpEgz7IqmZcfrELOFTLslkrslq+ZbEAk9/Co6+v5ZrXmoYeRN4puhQH/NqQig9W/AfglPgQXUGmW+uqx2bz58U32R7VKifI2kq3Hv5zAOcsboau5DxdU0oYl9Rm/Ey+r3MoZkHUbLl9IfRyHgovyNF3SJf31AvSyjlWjnTpu2fzKIrjsD5DOI3XNkbrtZbN95FRdyAo3w9Bf/ZVUCrQZLfLxRED+qcfVDhAjMwOq2ennFM191ocEVmKOBK+ZK7nesVmW6eIzO+WMfpMauC7hK/g54P7jlWQ5lkEBcqm0x5sXaWy4H/R/L0SXbnrhmdMBEWYRvgoiV+zmlkeOUT9VZ3auQa08/Dc7B5y6DYvdXIyinqGO3DroVrNMYWUTQHKFFHrzP6mJUusLbmjads1snhQLT7WoV5cl3BCor0n8xqYxfbmcwTERqZ+2jIs93ObUjxxnrmR5
I know that several of the state networks are using Kentik to trigger it. I think some of them are on this list but if they don't speak up, I'd be happy to connect you with some folks. I know one of them left RapidBGP because of the lack of controls and issues they ran into and use Kentik to do the triggering now.
--
--
James
On Nov 20, 2018, at 12:41 PM, Daniel F. Magorian <> wrote:
Hello Security WG folks!
We are having issues with ZenEdge/Oracle Dyn's RapidBGP triggering of their scrubbing, and while they're figuring that out, I thought I would ask people what tools they use to trigger scrubbing of subsets of your prefixes.
Yes, I know several folks have Arbox Peakflow boxes for on-prem scrubbing, and use these to signal Zenedge's as well.
So does anyone have a netflow-based tool that seems to work well?
Thanks, Dan-----Original Message-----
From: Magorian, Daniel F.
Sent: Wednesday, October 3, 2018 10:34 AM
To:
Subject: RE: [Security-WG] What are folks' experience using Zenedge's scrubbing service....
We have the RapidBGP alerting service, and the main issue is false positives from stuff like big user downloads and high volume of inbound traffic to our Forcepoint/Websense http proxies. They're supposed to trigger on multiple criteria not just volume, but when we complain to their tech support, they respond a few days later saying they'll adjust something or other, all very non-transparent. They have also promised more useful stuff in the portal; right now it doesn't even know about the alerts they've sent you email about, basically broken. Still a work in progress...
Dan
-----Original Message-----
From: <> On Behalf Of Steven Wallace
Sent: Wednesday, October 3, 2018 10:25 AM
To:
Subject: [Security-WG] What are folks' experience using Zenedge's scrubbing service....
Greeting all,
Grateful if folks could share their experience using Zenedge’s scrubbing service. Specifically, how does engaging, and removing, the scrubbing service affect access to the hosts being scrubbed.
Is there a hit? Do users notice?
Thanks,
Steve
- [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?, Magorian, Daniel F., 11/20/2018
- Re: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?, James Deaton, 11/20/2018
- Re: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?, Sullivan, Jason W - (jsullivan), 11/20/2018
- RE: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?, Magorian, Daniel F., 11/20/2018
- Re: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?, Mark Montalto, 11/20/2018
- Re: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?, Sullivan, Jason W - (jsullivan), 11/20/2018
- RE: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?, Magorian, Daniel F., 11/20/2018
- Re: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?, Sullivan, Jason W - (jsullivan), 11/20/2018
- Re: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?, Brad Fleming, 11/20/2018
- RE: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?, Magorian, Daniel F., 11/20/2018
- Re: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?, David Farmer, 11/20/2018
- Re: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?, Brad Fleming, 11/20/2018
- RE: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?, Magorian, Daniel F., 11/20/2018
- [Security-WG] Re: What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?, Beals, Damon G, 11/21/2018
- Re: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?, James Deaton, 11/20/2018
Archive powered by MHonArc 2.6.19.