Internet2 Abilene & REN-ISAC Arbor Networks Peakflow SP Identification and Response to DoS Joint Techs Winter 2006 Albuquerque Doug Pearson.


1 Internet2 Abilene & REN-ISAC Arbor Networks Peakflow SP Identification and Response to DoS Joint Techs Winter 2006 Albuquerque Doug Pearson

2 Overview
– Short background on REN-ISAC
– Short background on Arbor Networks Peakflow SP
– Illustration of use of Arbor in responding to DoS on Abilene
– Call to establish linkages with Connectors and Peers to facilitate trace back of DoS incidents.

3 REN-ISAC Is an integral part of U.S. higher education’s strategy to improve network security through information collection, analysis, dissemination, early warning, and response; is specifically designed to support the unique environment and needs of organizations connected to served higher education and research networks; and supports efforts to protect the national cyber infrastructure by participating in the formal U.S. ISAC structure.

4 REN-ISAC
Information products
  – Daily Weather Report
  – Daily Darknet Reports
  – Alerts
  – Notifications
  – Monitoring views
Incident response
24x7 Watch Desk
Developing R&E Cybersecurity Contact Registry
Security work in specific communities, e.g. grids
Participation in other higher education efforts

5 REN-ISAC Membership A trusted community for sharing sensitive information regarding cybersecurity threat, incidents, response, and protection, specifically designed to support the unique environment and needs of higher education and research organizations. Membership oriented to permanent staff involved in cybersecurity protection or response in an official capacity for an institution of higher education, research and education network provider, or government-funded research organization.

6 Infrastructure security, traffic analysis, managed DoS protection via intelligent netflow analysis
– Network Anomaly Detection: DDoS, worms, network and bandwidth abuse
– Integrated Mitigation: seamless operation with a variety of DoS mitigation tools; filtering, rate-limiting, BGP blackholing, off-ramping/sinkholing, etc.
– Analytics: peering evaluation, BGP routing, capacity planning
– Reporting: real-time and customized anomaly and traffic reports

7
– Customer-facing DoS Portal: gives customers a first-hand view of their traffic inside the service provider’s network; customers set their own thresholds and alerts; customers can blackhole, off-ramp, etc.
– Fingerprint Sharing: share anomaly fingerprints with peers, customers, etc. for upstream DoS mitigation
– Active Threat Feed: Arbor information base that identifies current and growing threats through worms, botnets and botnet controller identification and tracking, phishing site tracking, infected host identification, etc.


18 Identifying DoS Sources
– Based on trace back of DoS traffic to Abilene router input interfaces, we know what Connector or Peer network to attribute DoS activity to.
– Because of source address spoofing, we’re not able to attribute the activity further upstream, such as to a specific Participant, NREN, or institution – we need the participation of the Connector or Peer to trace back to the sources.
– Need to establish linkage of security contacts (REN-ISAC, Connectors, and Peers) and capabilities for trace back.
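The attribution step described on this slide, sketched as an added example (not from the presentation and not Peakflow SP code): flow records toward a victim are summed per router input interface and mapped to the attached network, while source addresses are only counted. Router names, interface indexes, network names and all flow records are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample data: (router, input ifIndex) -> attached network.
# Router and network names are hypothetical placeholders.
IFACE_OWNER = {
    ("rtr-a", 3): "Connector-A",
    ("rtr-a", 7): "Peer-B",
    ("rtr-b", 2): "Connector-C",
}

# Constructed flow records: (router, input_ifindex, src_ip, dst_ip, bytes).
# Sources toward the victim look random because they are spoofed.
FLOWS = [
    ("rtr-a", 3, "198.51.100.17", "192.0.2.10", 40_000),
    ("rtr-a", 3, "203.0.113.200", "192.0.2.10", 42_000),
    ("rtr-a", 3, "198.51.100.93", "192.0.2.10", 39_000),
    ("rtr-a", 7, "203.0.113.5", "192.0.2.10", 1_200),
    ("rtr-b", 2, "198.51.100.4", "192.0.2.10", 38_000),
    ("rtr-b", 2, "203.0.113.77", "192.0.2.10", 41_000),
    ("rtr-b", 2, "198.51.100.8", "192.0.2.99", 9_000),   # other destination
    ("rtr-b", 9, "203.0.113.9", "192.0.2.10", 500),      # unmapped interface
]

def attribute_by_ingress(flows, victim, iface_owner):
    """Sum traffic toward `victim` per ingress interface and name its owner.

    Source IPs are only counted, never trusted: with spoofing, the input
    interface is the one field that reflects where traffic really entered.
    """
    totals = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for router, ifindex, src, dst, nbytes in flows:
        if dst != victim:
            continue
        owner = iface_owner.get((router, ifindex), f"unknown:{router}/{ifindex}")
        totals[owner]["bytes"] += nbytes
        totals[owner]["sources"].add(src)
    ranked = [(o, t["bytes"], len(t["sources"])) for o, t in totals.items()]
    return sorted(ranked, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for owner, nbytes, nsrc in attribute_by_ingress(FLOWS, "192.0.2.10", IFACE_OWNER):
        print(f"{owner:22} {nbytes:>8} bytes  {nsrc} distinct source addresses")
```

The ranked output stops at the Connector or Peer boundary, which is where the slide says the neighbor's own trace back has to take over.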

19 Reporting DoS Destinations
Also very useful to make report to the security team at the DoS destination:
  – Awareness of incident, and
  – being the target of an attack often indicates the machine was previously hijacked or otherwise compromised.
For destinations behind peer networks: do we request the peer network security contacts to pass those notifications?
For Abilene Participants, REN-ISAC can make contact directly to the participant.

20 Establishing Security Contact Linkages
Linkages with Connectors and Peers:
  – Get registered w/ REN-ISAC, get to know each other
  – Would separate abuse@ or security@ e-mail addresses be useful versus contact to the respective noc@ addresses?
  – Further discussion tonight in the RONs/Abilene Connectors BoF
Linkages to Participants
  – Get all registered with REN-ISAC
http://www.ren-isac.net/membership

21 Contacts
Research and Education Networking ISAC
24x7 Watch Desk: +1(317)278-6630
ren-isac@iu.edu
Doug Pearson, dodpears@iu.edu
Arbor Networks: Rich Shirley

