Adventures in Linked Data Land (presentation by Richard Light) - jottevanger
"Adventures in Linked Data Land: bringing RDF to the Wordsworth Trust" is a paper given by Richard Light (http://uk.linkedin.com/pub/richard-light/a/221/ba5) to a Linked Data meeting run by the Collections Trust in February 2010. He runs through the basics of LD, how it relates to cultural heritage, and some of his experiments with it, specifically with the data of the Wordsworth Trust, finally listing a series of challenges that face museums in trying to get on board the Linked Data bus.
Apache Spark's Built-in File Sources in Depth - Databricks
In Spark 3.0 releases, all the built-in file source connectors [including Parquet, ORC, JSON, Avro, CSV, Text] are re-implemented using the new data source API V2. We will give a technical overview of how Spark reads and writes these file formats based on the user-specified data layouts. The talk will also explain the differences between Hive Serde and native connectors, and share the experiences of how to tune the connectors and choose the best data layouts for achieving the best performance.
New DNS Traffic Analysis Techniques to Identify Global Internet Threats - OpenDNS
Leveraging DNS data to detect new Internet threats has been gaining in popularity in the past few years. However, most industry and academic work examines DNS solely from the authoritative layer through the use of passive DNS. This presentation covers three novel methods that can be used to detect network threats at an Internet scale by analyzing DNS traffic below and above the recursive layer, monitoring malware hosting IP infrastructures, and applying graph analytics on DNS lookup patterns.
Standardizing and Strengthening Security to Lower Costs - OpenDNS
Your managed service includes anti-virus, an email filter and a firewall. So why do you still find yourself wasting resources on cleaning up and re-imaging infected customer endpoints? Learn how top MSPs are lowering costs, gaining efficiencies and fueling growth by leveraging cloud-delivered predictive security.
Umbrella for MSPs: Enterprise Grade Malware Protection & Containment - OpenDNS
During IT Nation 2013, MSP Product Manager Dima Kumets presented this breakout session, sharing how Umbrella for MSPs can decrease costs, increase revenue, and improve customer retention.
Speak Security: Under the Hood of the OpenDNS Security Research Labs with Dhi... - OpenDNS
Malware reversing is a conventional threat intelligence strategy that is being challenged to keep up with the fast-paced evolution of threats. To stay ahead of bad actors, the next generation security intelligence engine is big data, not malware reversing. An advanced generation of security intelligence teams has risen with mathematicians, algorithmic geniuses and big data researchers.
The buzz words sound impressive but what does this actually mean in practice?
On Jan 22nd, OpenDNS Security Researcher, Dhia Mahjoub, and Senior Product Manager, Dima Kumets, went under the hood of OpenDNS Security Research Labs. Their discussion included such topics as:
-What the OpenDNS Researchers actually do and why it's so different from traditional sample analysis
-The process of developing and improving learning machines as developed by Dhia and the Labs Team
-Insights gained from looking at Internet traffic as a whole
-The difference in Big Data insight vs Malware Reversing
-The latest threats OpenDNS Security Labs is mitigating
AfterGlow is a script that assists with the visualization of log data. It reads CSV files and converts them into a graph description. See http://afterglow.sf.net for more information.
This short presentation gives an overview of AfterGlow and outlines the features and capabilities of the tool. It discusses some of the harder-to-understand features by showing some configuration examples that can be used as a starting point for more sophisticated setups.
AfterGlow is one of the most downloaded security visualization tools, with over 17,000 downloads.
Jessica Gadling is a Software Engineer at OpenDNS. She gave a talk and demo at OpenLate (http://www.meetup.com/OpenLate/) on October 21st, 2014 on why Docker was chosen as a central component in OpenDNS's internal PaaS Quadra.
Decoding Connectivity: Thriving and Leading in the Internet of Everything World - Cisco Canada
Decoding Connectivity: Thriving and Leading in the Internet of Everything World
Carlos Dominguez, Senior Vice President in Cisco’s Office of the Chairman of the Board and CEO
As the industry begins enabling the Internet of Everything, the ways we work and do business will change at lightning speed – again. What will that seismic shift mean for organizations – and for you? How do you use innovation to drive creativity? How can you optimize technology to free up other resources? Hear from Carlos Dominguez, a leader in innovation, as he puts the digital revolution in perspective and shares his eye-opening ideas about how to prepare for the future.
ToorCon 14 : Malandroid : The Crux of Android Infections - Aditya K Sood
The Android platform has been plagued by malware for the past several years. Despite all attempts to detect and mitigate malicious applications on Android, malware is still flying under our radar and getting on our devices and causing millions of users financial and data loss every year. Additionally, the malware analysis community is at a large disagreement on how Android malware should be classified. In this talk, we’ll dive into the tactics, tools and procedures used by Android malware today, including several case studies of exceptional malware samples. By analyzing real code used by malware in the wild, we’ll be able to show the advancements in Android malware from a design perspective.
by Axelle Apvrille & Ange Albertini
presented at BlackHat Europe 2014, in Amsterdam
PoC: https://github.com/cryptax/angeapk
AngeCryption: http://corkami.googlecode.com/svn/trunk/src/angecryption/
BGP is a popular routing protocol used in the Data Center (DC). But as the protocol that powers the Internet, it also comes armed with a lot of sophistication that scares many who think a CCIE or CCNA is required to even understand it.
Watch this presentation and learn:
*How BGP fits in the DC with specific use cases
*How to configure and manage BGP traditionally and via new methods
Dynamic Routing Protocols, Care and Feeding: BGP - Maximilian Wilhelm
You want to connect your large internal network (an autonomous system) to the Internet, build an IP fabric, or offer internal services via anycast within your network. The Border Gateway Protocol was developed for all of these things and is excellently suited to them.
This talk explains how BGP works in external and internal deployments, gives an overview of its control mechanisms and tuning knobs, and shows practical use with the Bird Internet Routing Daemon.
I walk through what BGP is, why BGP, BGP attributes, path selection, BGP use cases, iBGP, eBGP, CCNP routing, and multi-homing.
What is BGP?
Why BGP?
BGP Peer Relationships
Configuration of BGP
BGP attributes and Path Selection
BGP use cases
Resource Public Key Infrastructure - A Step Towards a More Secure Internet Ro... - akg1330
RPKI is a relatively new technology that permits origin validation for IP prefixes. This is an important step towards securing the global routing infrastructure.
Presentation given during Firetalks at ShmooCon 2015:
http://youtu.be/oa8T5HLtY8I
Security Ninjas: An Open Source Application Security Training Program - OpenDNS
NOTES
--
Slide 8
Some of the categories we will discuss are very broad like this one.
Untrusted command – get / post / rest style params
Clicks
Surprise inputs
Slide 13
Very broad too
Little or no auth
Auth with some bypass possibilities
Some problem with how session is generated, managed, expired
Insufficient sessionID protection
Slide 18
When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable web site, which reflects the attack back to the user’s browser.
Slide 27
Security hardening throughout Application Stack
Unnecessary features enabled or installed?
ports, services, pages, accounts, privileges
Security settings in your development frameworks (e.g., Struts, Spring, ASP.NET) and libraries not set to secure values?
Default accounts/ passwords still enabled and unchanged?
Error handling reveal stack traces or other overly informative error messages to users?
Software out of date?
OS, Web Server, DBMS, applications, code libraries
Slide 41
sign up for updates or do regular audits to see versions
there might be technical dependencies
easily exploited by attackers using Metasploit, info gathering using headers & responses, etc.
Slide 47
We can look at the architecture, give you tips around what you could use, what would be good. This would avoid making any major changes when the product is ready which would save everyone’s time in the long run.
Have sprints with dedicated security features and use those as a selling point for our security conscious customers
Slide 48
Carefully look at the license to make sure you can use it in your type of product. Ask Fallon if you are not sure
Research how much support it gets, how popular it is
Look to find out any vulnerabilities in it before you start using it
Maintain it; Sign up for CVE updates
Ask us if you need to get something reviewed
Slide 50
Not only better and more features
Security vulnerabilities get patched in new versions
New versions get most attention by the companies and old ones stop getting support after some time fully
Most Security Support by the community
Turn on auto updates for Chrome; always look at updates on AppStore
Slide 51
Use different passwords for different sites
Password managers let you set complexity, generate random passwords, etc.
Slide 52
Only grant access to what's needed to get the job done
employee leaves; mistakes; vulnerabilities in other s/w which leverages this;
Don’t install redundant software, plugins, etc.
This opens up so much risk
People forget to uninstall them; s/w doesn't get much attention from community; open ports are left; boom exploited by attackers;
Slide 55
To prevent unintended execution actions
e.g., fail open auth errors
Leak minimal info about infrastructure as this info is leveraged by attackers to carry out further attacks
Rahim Lalani is a Systems Engineer at OpenDNS. He gave a talk at the Docker Vancouver meetup on May 8th, 2014 covering some experiments that he did along with Andree Toonk, OpenDNS's Network Engineering Manager, to route OpenDNS IP address space into containers running on AWS EC2 instances. Additional details can be found in his blog post: http://engineering.opendns.com/2014/07/01/ip-routing-aws-docker/
Network Security: A Four Point Analysis of Appliances vs. the Cloud - OpenDNS
When you're assessing network security solutions, you face two fundamental choices with dramatic consequences for protection, coverage, performance and manageability. Appliance-based solutions seek to arm organizations with visibility and control within their network environment. Cloud-based solutions promise easier setup, greater scalability, wider coverage and adaptive protection.
How do you weigh the promised benefits against the potential risks? Does one option offer distinct advantages over the other?
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead - OpenDNS
Practice makes perfect. And unfortunately for security professionals, attackers have realized that persistence is a powerful approach to breaching an organization's defenses.
Focusing on prevention alone is no longer a sufficient strategy for securing your organization against the business risks of a breach. Our current security environment demands an approach less centered on ideal prevention and more focused on reality. During this webcast, we discussed key strategies that limit your risk and exposure to unrelenting threats.
Some highlighted topics include:
- How the shift in attacker motivations has impacted today's threat landscape
- Why preventative techniques alone can no longer ensure a secure environment
- Which strategies need to be considered for a holistic approach to security
- What next steps you can take towards identifying your best strategy against attacks
Each day millions of Internet requests are made to dynamically changing Cryptolocker domains. And it only takes one successful connection from a malware-infected system to the botnet controller for your files to end up encrypted and held for ransom.
So how does Cryptolocker actually work? What is the best way to block it? And what implications does this have for security methods going forward?
In this webcast, you will learn:
-What steps are involved in a Cryptolocker attack
-How Domain Generation Algorithms enable it to evade most threat detection methods
-Why leveraging our global intelligence has been effective in containing Cryptolocker
-What you can do to avoid becoming a victim
MSP Webcast - Leveraging Cloud Security to Become a Virtual CIO - OpenDNS
Ransomware, trojans, and keyloggers are increasingly targeting SMBs—and traditional, reactive security solutions are not cutting it. Malware not only puts your customers at risk but also hurts your bottom line through hours wasted cleaning up infected machines.
But how do you protect customers that may not understand the risks or the value of layered security? The answer lies in leveraging increased visibility and value reporting to improve your bottom line and become your customer's virtual CIO and CISO.
Join OpenDNS Sr. Product Manager Dima Kumets and guest speaker Jim Lancaster of MSPmentor 100 company Sagiss to learn about:
-Combining protection and containment to lower costs
-Improving renewal rates through value reporting
-Leveraging OpenDNS's new integration with ConnectWise to be the Virtual CIO
-Monitoring real-time network activity as a sellable service
Umbrella for MSPs: Cloud Security via N-able - OpenDNS
Last week, at N-able's Global Partner Summit, our Sr. Product Manager for MSPs, Dima Kumets, had a great session on "Cloud Security via N-able". During the presentation, he discussed how easy it was to deploy and monitor OpenDNS Umbrella for MSPs in N-able's Automation Manager. If you missed out on his discussion, here is a recap.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 3 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdf - Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Neuro-symbolic is not enough, we need neuro-*semantic* - Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... - Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and a willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 - Tobias Schneck
As AI technology pushes into IT, I was wondering, as an “infrastructure container Kubernetes guy”, how this fancy AI technology gets managed from an infrastructure operational view. Is it possible to apply our lovely cloud-native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you with a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need to apply it to our own infrastructure and make it work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies that could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into the approaches I already have working for real.
Slide 4
Internet 101 & BGP
• Network of networks, it's a graph!
• Each organization on the Internet is called an Autonomous System (AS).
• Each node represents an Autonomous System.
• An AS is identified by a number.
• OpenDNS is 36692, Google is 15169.
• Each AS has one or more prefixes.
• 36692 has 56 (IPv4 and IPv6) network prefixes.
• BGP is the glue that makes this work!
Result is a topology map of the Internet.
Slide 5
andree@rtr1.syd> show route protocol bgp www.facebook.com
inet.0: 528878 destinations, 1095067 routes (528873 active, 3 holddown, 12 hidden)
+ = Active Route, - = Last Active, * = Both
179.60.193.0/24
*[BGP/170] 2w6d 21:16:18, MED 0, localpref 100
AS path: 32934 I
> to 202.167.228.39 via ge-1/1/9.0
[BGP/170] 1w6d 02:04:04, localpref 100
AS path: 4637 1221 32934 I
> to 210.176.38.1 via xe-0/0/0.0
[BGP/170] 4d 21:09:54, MED 0, localpref 100
AS path: 2914 38561 1221 32934 I
> to 202.68.65.149 via xe-2/0/0.0
Example BGP troubleshooting: How do I route to Facebook?
Slide 6
Recent High Profile BGP Incident Examples
• BGP hijack used for spamming
• BGP hijack used for financial gain (bitcoin hijack)
• BGP hijack by Hacking Team
• Large scale multi-day outages in Syria and Egypt
• BGP hijack by Turkey to censor popular DNS resolvers
• Many more accidental BGP hijacks
Slide 9
High level Architecture
BGP data -> BGP Stream analyzer -> Classifier -> Notification
Observed BGP data from hundreds of BGP peers globally
Expected support for: IPv4 & IPv6, 16 & 32bit AS numbers
Expected state:
• Prefix / Origin AS
• AS relations
• Historical info
• GEO info
• Whois info
• Etc.
Slide 10
BGP Stream Classifier
BGP data
• Expected Origin AS vs. Detected Origin AS
• Existing business relationship?
  • Does the Detected AS announce other Expected AS prefixes in BGP?
  • Is there an existing peering relationship?
  • Did the Detected AS recently announce Expected AS prefixes?
  • Exclude well-known relations and ASNs (e.g. DoD ASNs, special Anycast prefixes).
• Whois information
  • Valid RPSL route object in RIR / IRR databases?
  • Allocation data
  • Name collision in name, description, emails
• Geo info
  • Do Expected and Detected operate in the same country?
  • For US, same state?
• Detected by number of BGPmon peers
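The classifier on slides 9 and 10 is described as a list of questions; the block below, an added example that is not code from the original slides or from the BGPmon / OpenDNS project, turns those questions into a runnable scoring function. An origin-AS mismatch starts at a fully suspicious score, and every benign indicator from the slides (peering relationship, recent announcements of the owner's prefixes, an IRR route object, a whois name or e-mail collision, same country or US state) lowers it; the number of collector peers that saw the announcement only affects confidence. All weights, thresholds, prefixes, ASNs, organisation names and e-mail addresses are constructed assumptions (documentation prefixes and private-use ASNs), not values from the presentation.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Optional


@dataclass(frozen=True)
class Announcement:
    """One origin observation as the stream analyzer would hand it to the classifier."""
    prefix: str
    origin_as: int
    peers_seen: int   # number of collector peers that observed this announcement


@dataclass(frozen=True)
class WhoisRecord:
    name: str
    country: str
    state: str        # empty when not applicable (non-US)
    emails: frozenset


@dataclass
class ExpectedState:
    """The 'expected state' of slide 9; every field here is constructed sample data."""
    origins: dict          # prefix -> expected origin AS
    relations: set         # frozenset({asn_a, asn_b}) for known peering / customer relations
    recent_origins: dict   # prefix -> set of ASes that announced it recently
    whois: dict            # ASN -> WhoisRecord
    route_objects: set     # (prefix, origin AS) pairs with a valid IRR route object
    excluded_asns: set     # ASNs never classified (anycast, DoD-style special cases)


def expected_origin(prefix: str, origins: dict) -> Optional[int]:
    """Longest-prefix match of an announced prefix against the expected-origin table."""
    net = ip_network(prefix)
    best_asn, best_len = None, -1
    for known, asn in origins.items():
        known_net = ip_network(known)
        # Compare only within one address family: supernet_of() across families raises.
        if (known_net.version == net.version and known_net.supernet_of(net)
                and known_net.prefixlen > best_len):
            best_asn, best_len = asn, known_net.prefixlen
    return best_asn


def name_collision(a: WhoisRecord, b: WhoisRecord) -> bool:
    """Crude 'same organisation?' test: a shared e-mail or a shared leading name word."""
    if a.emails & b.emails:
        return True
    wa, wb = a.name.split(), b.name.split()
    return bool(wa and wb) and wa[0].lower() == wb[0].lower()


def classify(ann: Announcement, state: ExpectedState):
    """Return (verdict, score, reasons); a higher score is more hijack-like."""
    expected = expected_origin(ann.prefix, state.origins)
    if expected is None:
        return "unknown", 0, ["no expected origin for prefix"]
    if expected == ann.origin_as:
        return "ok", 0, []
    if expected in state.excluded_asns or ann.origin_as in state.excluded_asns:
        return "excluded", 0, ["origin on exclusion list"]

    score = 100   # an origin mismatch starts fully suspicious ...
    reasons = [f"origin mismatch: expected AS{expected}, detected AS{ann.origin_as}"]

    def credit(points: int, why: str) -> None:
        """... and each benign indicator (weights are assumptions) lowers the score."""
        nonlocal score
        score -= points
        reasons.append(why)

    # Business-relationship signals.
    if frozenset({expected, ann.origin_as}) in state.relations:
        credit(30, "existing peering relationship")
    expected_prefixes = [p for p, a in state.origins.items() if a == expected]
    if any(ann.origin_as in state.recent_origins.get(p, set()) for p in expected_prefixes):
        credit(20, "detected AS recently announced prefixes of expected AS")
    # Whois / IRR signals.
    if (ann.prefix, ann.origin_as) in state.route_objects:
        credit(40, "valid route object in IRR")
    w_exp, w_det = state.whois.get(expected), state.whois.get(ann.origin_as)
    if w_exp and w_det:
        if name_collision(w_exp, w_det):
            credit(30, "whois name / e-mail collision")
        # Geo signals.
        if w_exp.country == w_det.country:
            credit(10, "same country")
            if w_exp.country == "US" and w_exp.state and w_exp.state == w_det.state:
                credit(10, "same US state")
    score = max(score, 0)

    # Confidence: an announcement seen by very few collector peers is downgraded.
    if ann.peers_seen < 3:
        reasons.append(f"seen by only {ann.peers_seen} peer(s), low confidence")
        return ("suspicious" if score >= 30 else "probably legitimate"), score, reasons
    if score >= 60:
        return "likely hijack", score, reasons
    if score >= 30:
        return "suspicious", score, reasons
    return "probably legitimate", score, reasons


def sample_state() -> ExpectedState:
    """Constructed expected state: documentation prefixes, private-use ASNs, made-up whois."""
    return ExpectedState(
        origins={"198.51.100.0/24": 64500, "203.0.113.0/24": 64501},
        relations={frozenset({64500, 64510})},
        recent_origins={"198.51.100.0/24": {64500, 64510}},
        whois={
            64500: WhoisRecord("Example Corp", "US", "TX", frozenset({"noc@example.net"})),
            64510: WhoisRecord("Example Corp Hosting", "US", "TX", frozenset({"noc@example.net"})),
            64501: WhoisRecord("Other Networks", "DE", "", frozenset({"ops@example.org"})),
            64666: WhoisRecord("Unrelated Transit", "AU", "", frozenset({"abuse@example.invalid"})),
        },
        route_objects={("198.51.100.0/24", 64510)},
        excluded_asns=set(),
    )
```

With `sample_state()`, `classify(Announcement("198.51.100.0/24", 64510, 20), state)` lands on "probably legitimate" because the sibling AS has a peering relation, a route object and matching whois data, while `classify(Announcement("198.51.100.0/25", 64666, 25), state)` is a more-specific announced by an unrelated AS with no mitigating evidence and scores as "likely hijack". An announcement seen by a single peer is never promoted above "suspicious", and an IPv6 prefix matched against an IPv4-only table comes back "unknown" rather than raising.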