Fighting DDoS, especially volumetric attacks, is always challenging for an ISP or transit provider. There isn't any single solution that helps us filter out bad traffic; it requires collaboration with upstream providers and related organizations. Besides this, finding out the target is also time consuming, and that is where most providers struggle. In this presentation I talk about my experience implementing a few community-based efforts which help me to better fight volumetric DDoS attacks.
RPKI is one of the newest technologies for securing inter-domain routing. This presentation explores how ISPs in Bangladesh are adopting this solution and what the status of RPKI deployment is.
LemonLDAP::NG is a well known WebSSO software. The 2.0 version was released in 2018 and brings a lot of new features, like multi-factor authentication (TOTP, U2F, ...), WebService and API protection, Plugin system...
Senior Training Officer, Sheryl (Shane) Hermoso, outlines the importance of securing Internet routing to prevent route hijacking and prefix mis-origination with RPKI at the recent VNIX/NOG event in Ha Noi in November 2016.
An introduction to Blockchain, with the underlying technology and the current state of development. Covers various blockchain implementations such as public, private, and semi-private blockchains.
Keeping DNS server up-and-running with “runit” | Men and Mice
A traditional Unix/Linux init system like SystemV-Init or BSD rc does start a DNS server process on server boot, but it does not restart the service in case of an abnormal termination. Modern init replacements like systemd provide process supervision, but bring extra complexities and possible stability and security issues.
This webinar demonstrates an alternative, open source process supervision system called “runit”.
“runit” is lean and fast and sticks to the Unix tradition to do one thing, and do that right.
In this webinar you will learn how to manage DNS server processes such as BIND 9, Unbound and NSD from runit.
Global Cyber Security trend & impact of Internet on the society of Bangladesh... | Fakrul Alam
The internet has, in the mere space of a decade, completely revolutionized the way things are done in Bangladesh. Everything from making friends, shopping, learning and even starting and promoting businesses has experienced paradigm shifts due to the internet. But despite the allures of connectivity, there are dangers as well.
This event will focus on cyber security and how to keep privileged data safe from unwanted observation. The event will also talk about how society has changed, both good and bad, and how we can use this opportunity to drive more meaningful growth.
In this installment of the Men & Mice webinar series, Mr. Carsten Strotmann will talk about the role that DNS plays in fighting malware and spam.
The discussion will dig into DNS blacklists, domain reputation, Response Policy Zones and how the new TLDs have changed the game.
It goes without saying that DNS is only as secure as its servers. To ensure the successful and secure operation of a DNS server, secure configuration is paramount.
The new BIND 9 version 9.11 is a major version of the popular DNS server, released in August by ISC.
In this webinar Mr. Carsten Strotmann will demonstrate new features such as:
- Catalog Zones,
- dnssec-keymgr, new *rndc* functions
- CDS/CDNSKEY auto generation
- Negative Trust Anchor
- DNS cookies
- Refuse “any”
- and more.
DNS High-Availability Tools - Open-Source Load Balancing Solutions | Men and Mice
The DNS protocol has built-in high availability for authoritative DNS servers (this will be better explained in the webinar!), but client machines can see a degraded DNS service if a DNS resolver (caching DNS server) is failing.
In this webinar, we will look into how the DNS clients in popular operating systems (Windows, Linux, macOS/iOS) choose the DNS resolver among a list of available servers, and how a DNS resolver service can be made failure-tolerant with open-source solutions such as “dnsdist” from PowerDNS and “relayd” from OpenBSD.
Logging is important for troubleshooting a DNS service. Conveniently with BIND 9, almost all problems will show up somewhere in the log output, but only if the logging is enabled and configured correctly.
In this webinar, we’ll discuss the BIND 9 logging configuration and best practices in searching through large log-files to find the entries of interest. In addition, we’ll release log-management tools used by Men & Mice Services.
LkNOG 3: Strengthening the Internet infrastructure in Sri Lanka | APNIC
APNIC Deputy Director General Sanjaya gives a keynote address on strengthening the Sri Lankan Internet infrastructure at LkNOG 3 in Colombo, Sri Lanka from 2 to 4 October 2019.
The Border Gateway Protocol (BGP) is the default Internet routing protocol that manages connectivity among Autonomous Systems (ASes). Although BGP disruptions are rare, when they occur the consequences can be very damaging. Consequently there has been considerable effort aimed at understanding what is normal and abnormal BGP traffic and, in so doing, enable potentially disruptive anomalous traffic to be identified quickly. In this paper, we make two contributions. We show that over time BGP messages from BGP speakers have deterministic, recurrence and non-linear properties, then build on this insight to introduce the idea of using Recurrence Quantification Analysis (RQA) to detect BGP instability. RQA can be used to provide rapid identification of traffic anomalies that can lead to BGP instability. Furthermore, RQA is able to detect abnormal behaviours that may pass without observation.
Connecting Last Mile ISPs to Internet Exchange Points - BKNIX Case Study | Kittinan Sriprasert
This is a BKNIX initiative to support remote peering over existing Internet infrastructure where last-mile connectivity is limited. Resources can be used effectively while offering a cost-effective solution to small networks in remote areas.
PhNOG 2020: Securing your resources with RPKI and IRT | APNIC
APNIC Senior Internet Resource Analyst Anna Mulingbayan gives an overview of how to secure your resources with RPKI and IRT at PhNOG 2020 in Manila, Philippines, on 24 February 2020.
Presentation by Maria Isabel Gandia, Head of Communications, given to the LAC-IX (Latin America and Caribbean IXPs) user community on 30 April 2021 in virtual format.
RPKI (Resource Public Key Infrastructure) | Fakrul Alam
Resource Public Key Infrastructure (RPKI), also known as Resource Certification, is a specialized public key infrastructure (PKI) framework designed to secure the Internet's routing infrastructure. RPKI provides a way to connect Internet number resource information (such as Autonomous System numbers and IP Addresses) to a trust anchor. (wikipedia)
3. DDoS
• Distributed denial-of-service (DDoS) attacks target network infrastructures or computer services by sending an overwhelming number of service requests to the server from many sources.
• Server resources are used up serving the fake requests, resulting in denial or degradation of service for legitimate requests.
bdNOG3 Conference | 18th May 2015 | Dhaka
4. Addressing DDoS attacks
• Detection
– Detect incoming fake requests
• Mitigation
– Diversion : Send traffic to a specialized device that removes the fake packets from the traffic stream while retaining the legitimate packets
– Return : Send the clean traffic back to the server
5. 3 Community tools from Team Cymru
• Bogon Filter
– https://www.team-cymru.org/bogon-reference.html
• Flow Sonar
– https://www.team-cymru.org/Flow-Sonar.html
• UTRS (Unwanted Traffic Removal Service)
– https://www.team-cymru.org/UTRS/index.html
7. Bogon Filter
• A bogon prefix is a route that should never appear in the Internet routing table
– Bogons are defined as Martians (private and reserved addresses defined by RFC 1918, RFC 5735, and RFC 6598) and netblocks that have not been allocated to a RIR by the IANA
• These are commonly found as the source addresses of DDoS attacks
• Study shows 60% of the naughty packets were obvious bogons
• Bogon and fullbogon lists are NOT static lists
8. Bogon Filter : Configuration IPv4
/ you can forward this traffic and analyze it /
9. Bogon Filter : Configuration IPv6
/ you can forward this traffic and analyze it /
11. Bogon Filter : Status
• The IPv4 traditional bogons list is currently 13 prefixes.
• The IPv4 fullbogons list is approximately 3,618 prefixes.
• The IPv6 fullbogons list is approximately 58,401 prefixes.
– [date : 18th May 2015]
12. Bogon Filter : Peering
• Contact bogonrs@cymru.com
1. Which bogon types you wish to receive (traditional IPv4 bogons, IPv4 fullbogons, and/or IPv6 fullbogons)
2. Your AS number
3. The IP address(es) you want us to peer with
4. Does your equipment support MD5 passwords for BGP sessions?
5. Optional: your GPG/PGP public key
• https://www.team-cymru.org/bogon-reference-bgp.html
14. Flow Sonar
• The Team Cymru Flow Sonar system is a powerful tool for network managers to visually identify and understand what is happening on their network at any given time
• Leverages the free and open-source framework provided by Peter Haag of SWITCH
• Special "dosrannu" plugins developed by Team Cymru to track malicious activity on your network
• Unique dosrannu feeds alert to DDoS attacks, compromised machines, and the presence of connections to C&C hosts
16. Flow Sonar : Get It
• Contact outreach@cymru.com
1. Team Cymru will send hardware
• 1 Server
• 1 Router
• https://www.team-cymru.org/Flow-Sonar.html
18. RTBH 101
[Diagram labels: Website, IP : 1.2.3.4, CE, BGP : 1.2.3.0/24, Customer Infra; PE, Transit I, Transit II, Provider Infra; Internet]
19. RTBH 101
[Diagram: same labels as slide 18, plus DDoS Traffic (three times)]
20. RTBH 101
[Diagram: same labels as slide 19, plus BGP : 1.2.3.4/32 with COM : 65420:666]
21. RTBH 101
[Diagram: same labels as slide 18, plus DDoS Traffic (once), BGP : 1.2.3.4/32 with COM : 65420:666, and IP : 1.2.3.4/32 -> discard (twice)]
22. RTBH Upstream
• Check whether your upstream provider supports RTBH
• Configure & test RTBH before an incident
• Only announce IPv4 /32s from address space originated by you or your customer
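The RTBH 101 slides and the announcement rule above, as an added example that is not from the presentation: a Python model of the check a provider edge applies to customer announcements, using the slides' 1.2.3.0/24 prefix and 65420:666 community. The function names, the /24 limit for normal IPv4 routes and the sample announcements are assumptions constructed for illustration.

```python
import ipaddress

BLACKHOLE_COMMUNITY = "65420:666"  # community shown on the RTBH 101 slides
MAX_NORMAL_LEN_V4 = 24             # assumption: longest IPv4 prefix taken as a normal route

def classify_route(prefix, communities, customer_space):
    """Return (action, reason) for one route received from a customer.

    action: "discard" = install as blackhole, "accept" = normal route,
    "reject" = drop the announcement.
    """
    try:
        net = ipaddress.ip_network(prefix)  # strict parse: host bits must be zero
    except ValueError:
        return "reject", "malformed prefix"
    space = [ipaddress.ip_network(p) for p in customer_space]
    if not any(net.version == s.version and net.subnet_of(s) for s in space):
        return "reject", "outside the customer's address space"
    if BLACKHOLE_COMMUNITY in communities:
        if net.version != 4 or net.prefixlen != 32:
            return "reject", "blackhole route must be an IPv4 /32"
        return "discard", "traffic to this host is dropped at the edge"
    if net.version == 4 and net.prefixlen > MAX_NORMAL_LEN_V4:
        return "reject", "too specific without the blackhole community"
    return "accept", "normal route"

def blackholed_hosts(announcements, customer_space):
    """Prefixes from a batch of announcements that end up as discard routes."""
    return [prefix for prefix, communities in announcements
            if classify_route(prefix, communities, customer_space)[0] == "discard"]

# Constructed sample data, using the addresses from the slides.
CUSTOMER_SPACE = ["1.2.3.0/24"]
ANNOUNCEMENTS = [
    ("1.2.3.0/24", []),                  # the customer's normal announcement
    ("1.2.3.4/32", ["65420:666"]),       # blackhole request for the attacked host
    ("1.2.3.0/24", ["65420:666"]),       # whole prefix tagged: not a /32
    ("198.51.100.7/32", ["65420:666"]),  # /32 outside the customer's space
    ("1.2.3.4/32", []),                  # /32 without the community
]

if __name__ == "__main__":
    for prefix, communities in ANNOUNCEMENTS:
        print(prefix, communities, classify_route(prefix, communities, CUSTOMER_SPACE))
```

Only the tagged /32 inside the customer's own prefix becomes a discard route; the other constructed cases show why the slide limits announcements to /32s from address space the announcer originates.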
23. UTRS
• It’s based on the basic principle of DDoS filtering: Remotely Triggered Black Hole Filtering
• UTRS is a system that helps mitigate large infrastructure attacks by leveraging an existing network of cooperating BGP speakers such as ISPs, hosting providers and educational institutions that automatically distributes verified BGP-based filter rules from victim to cooperating networks