Internet2 Network Security SIG

[Brad Fleming <>]

I’m assuming RFC1918 IPs as the source, correct? Regardless of source or destination address I’m good with it. We shouldn’t be leaking that junk, if we are something is broken, and I don’t expect Internet2 or the greater community to deal with our failures. A publicly viewable counter on the firewall filter term could be useful; I could make one of our junior network team check the I2 counter every month to verify we don’t have an internal issue. I’d be fine if that instrumentation wasn’t added until later if I2 staff would like to move quickly on deploying filters but also want to gather more input from the community on exposing FW filter counters in this manner. 

--
Brad Fleming
Assistant Director for Technology
Kansas Research and Education Network

On Jan 7, 2019, at 10:13 AM, Adair Thaxton <> wrote:

I trust everyone had a nice break, and hasn't been driven up the wall by
bored children yet.  Our three-year-old reached the "why?" stage just in
time for break, so if you're still sane, I envy you!


- Internet2 is considering blocking all RFC1918 space at ingress links. 
We do not expect this to affect cloud tunnel traffic, or any legitimate
traffic.  However, we all know the pitfalls of that last statement,
especially on our networks!  We plan to start by logging RFC1918 traffic
only, and then move to blocking it.  We also plan to offer opt-outs for
customers who need them.  We would welcome your input on this, for our
benefit as well as for the benefit of other customers.


- Check your routing tables! 
https://twitter.com/InternetIntel/status/1080466509292621829


- Hat tip to researchers at the University of Maryland! 
https://www.theregister.co.uk/2019/01/03/recaptcha_voice_challenge/


- A lot of it, as it turns out. 
http://nymag.com/intelligencer/2018/12/how-much-of-the-internet-is-fake.html


Happy new year, everybody!

Adair

Attachment: smime.p7s
Description: S/MIME cryptographic signature