
netsec-sig - Re: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?

Subject: Internet2 Network Security SIG

  • From: Mark Montalto <>
  • To: "" <>
  • Subject: Re: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?
  • Date: Tue, 20 Nov 2018 19:56:28 +0000

Dan, OSHEAN may be one of those employing Kentik - if you're interested in hearing how OSHEAN integrated Kentik into an automated detection and scrubbing architecture with Akamai let us know. 


Attached is an Akamai brief on our implementation. While it does not highlight Kentik, Kentik's analytics engine drives the code we've developed that detects an attack on the OSHEAN network and members.


Thanks - Mark


Mark Montalto - Vice President

617-827-6928



From: <> on behalf of Magorian, Daniel F. <>
Sent: Tuesday, November 20, 2018 2:33:26 PM
To:
Subject: RE: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?
 

Thanks guys, I’ll check into Kentik and Fastnetmon. 

 

So Jason, are you saying that for $8k you licensed Arbor SP Virtual Peakflow, and use it for triggering only?  Or do you scrub with it as well?

 

I’m trying to figure out which service or software that is, very confusing esp after the Netscout acquisition.

 

http://resources.arbornetworks.com/wp-content/uploads/DS_Flexible_Licensing.pdf


 

https://www.netscout.com/product/arbor-cloud

 

Thanks,  Dan

 

From: <> On Behalf Of Sullivan, Jason W - (jsullivan)
Sent: Tuesday, November 20, 2018 2:04 PM
To:
Subject: Re: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?

 

https://github.com/pavel-odintsov/fastnetmon was a decent tool, although we ditched it for virtual Arbor SP (Peakflow) - was 8k for perpetual licensing, 20k fps.

 

On 11/20/18 12:01 PM, James Deaton wrote:

I know that several of the state networks are using Kentik to trigger it. I think some of them are on this list but if they don't speak up, I'd be happy to connect you with some folks. I know one of them left RapidBGP because of the lack of controls and issues they ran into and use Kentik to do the triggering now.


-- 

James

On Nov 20, 2018, at 12:41 PM, Daniel F. Magorian wrote:


Hello Security WG folks!

We are having issues with ZenEdge/Oracle Dyn's RapidBGP triggering of their scrubbing, and while they're figuring that out, I thought I would ask people what tools they use to trigger scrubbing of subsets of your prefixes.

Yes, I know several folks have Arbor Peakflow boxes for on-prem scrubbing, and use these to signal Zenedge's as well.

So does anyone have a netflow-based tool that seems to work well?

Thanks, Dan

-----Original Message-----
From: Magorian, Daniel F.
Sent: Wednesday, October 3, 2018 10:34 AM
To:
Subject: RE: [Security-WG] What are folks' experience using Zenedge's scrubbing service....

We have the RapidBGP alerting service, and the main issue is false positives from stuff like big user downloads and high volume of inbound traffic to our Forcepoint/Websense http proxies. They're supposed to trigger on multiple criteria not just volume, but when we complain to their tech support, they respond a few days later saying they'll adjust something or other, all very non-transparent. They have also promised more useful stuff in the portal; right now it doesn't even know about the alerts they've sent you email about, basically broken. Still a work in progress...

Dan

-----Original Message-----
From: On Behalf Of Steven Wallace
Sent: Wednesday, October 3, 2018 10:25 AM
To:
Subject: [Security-WG] What are folks' experience using Zenedge's scrubbing service....

Greetings all,

Grateful if folks could share their experience using Zenedge’s scrubbing service. Specifically, how does engaging, and removing, the scrubbing service affect access to the hosts being scrubbed?

Is there a hit? Do users notice?

Thanks,

Steve

 

 

Attachment: Akamai-OSHEAN-Prolexic-CS_for-customer-review_08-19-18.docx
Description: Akamai-OSHEAN-Prolexic-CS_for-customer-review_08-19-18.docx



