Internet2 Network Security SIG

[Jesse Bowling <>]

Hi Adair,

Thank you for this! I think this is a great idea.

I’m sorry I’ve been a little slow in getting involved in some of these 
conversations, but am turning over a new leaf as some of my other non-Duke 
responsibilities are winding down.

Cheers,

Jesse

> On Dec 7, 2018, at 8:56 AM, Adair Thaxton 
> <>
>  wrote:
> 
> Good morning, everyone!  One of my takeaways from recent discussions was
> that it would be great if I could send out regular updates to the
> working group about what we've been up to at Internet2.
> 
> - The working group listserv had a good discussion about methods to
> detect DDoSes and trigger mitigation.  Specific tools mentioned were
> FastNetMon, Arbor Peakflow, Kentik, and Plixer Scrutinizer.
> 
> - We've been working with a team from CAIDA to test ARTEMIS, a BGP
> hijacking detection tool.  We have a TON of peers, so we're still
> working on getting them all added, which is creating false positives.
> 
> - We continue to work on being good MANRS participants.  We’ve gotten
> the prefixes we originate documented in the IRR and now have ROA’s for
> all of them. We have our contact information updated in the IRR and on
> our website, and have double-checked to ensure that all of our customer
> BGP sessions are protected by in-bound explicit BGP prefix-lists.
> Finally, we’ve applied unicast RPF to all of our host subnets, the ones
> that support our PAS servers, etc.
> 
> - An interesting article about a pentest that failed:
> https://threader.app/thread/1063423110513418240
> 
> - If you missed the MANRS webinar, it was recorded:
> https://internet2.zoom.us/recording/share/uhrmb_DXcB-AGdX7yAYqpTwl_Zcjudin7mpiXNElS6OwIumekTziMw
> 
> Adair

--
Jesse Bowling
ITSO::Security Architect & CSIRT Program Manager
jesse.bowling[AT]duke.edu::919-660-1073
334 Blackwell St::Durham, NC::27701

Attachment: signature.asc
Description: Message signed with OpenPGP