asn-sec -- ASN-Security mailing list

 

About asn-sec

"The superior man, when resting in safety, does not forget that danger may come." - Confucius


The asn-security [ASN-SEC] forum is a volunteer incident response mailing list, which coordinates the interaction between those managing security for BGP ASNs in near real-time and strives to mitigate the effects of exploits on Internet networks.

Step one is to ensure you meet the qualifications for ASN-SEC. Some common questions to ask yourself are:


 Are you *directly* responsible for one (or more) autonomous system numbers on the public Internet?
 Does your job include Operational Security?
 Are you willing to offer free services, data, forensic, and other monitoring data to the community?
 Do you have authorization to actively mitigate incidents in your network? Do you actually log into a router and do something to mitigate an attack or call someone to task them to do the work?
 Do you have the time for a real-time forum? (No lurkers)

If yes, then you might fit the expectations to be on the ASN-SEC Mitigation or Discussion Forums.

Note: We're seeking those who are in a direct position within their ASNs (including downstreams if applicable) - not proxies for ASNs which are not your routing responsibility.

ASN-SEC PARTICIPATION EXPECTATIONS

ASN-SEC is a forum to get work done in the service of the community. As such, realistic expectations are placed on the ASN-SEC membership. These expectations are periodically reviewed by the ASN-SEC moderators to ensure that an individual's community membership is relevant, productive, and adds value to the mission of ASN-SEC. These expectations, which have evolved through active membership feedback, include:

 All posts to ASN-SEC must have an organizational affiliation via either a corporate email address that is identifiable as an ISP/NSP, or via a signature that includes your organizational affiliation and ASN.

 Lurking and learning does not contribute to the community - there are other forums for that. Silence often indicates that people are not handling the information provided by the ASN-SEC community or that the information provided is of little relevance to the member. Acknowledgements of action - whether publicly on the mailing list or privately to the people involved - provide members of the community an indication that contributions are being made. Recognizing specific national laws, regulations, and/or corporate policies may prevent some members from posting on the public ASN-SEC alias; these limitations do not prevent private mitigation correspondence.

 Taking information provided on the ASN-SEC forums and using it for commercial gain is not allowed. It is a violation of trust to the community.

 ASN-SEC is built on trust. Therefore, reposting ASN-SEC communications to individuals inside or outside your organization is a violation of that trust. ASN-SEC members should have the span of control to take action on the information from an ASN-SEC correspondence without widely posting the information inside their organization. If forwarding inside the organization is required, permission of the posters must be sought.

 ASN-SEC postings must not be CCed or BCCed to any other forum. Internal dialog must be re-crafted for internal use as mentioned in previous guidelines.


ASN-SEC APPLICATION EXPECTATIONS

Membership in ASN-SEC is restricted to those actively involved in the management of publicly routed BGP Autonomous System Numbers, and the mitigation of security incidents across the broader Internet. Therefore, it will be limited to network operators. That means no press, researchers and (hopefully) none of the "bad guys." It also means that engineers who do not directly work in the core transit/content provider network do not fit the purview of ASN-SEC and should look for other forums.

ASN-SEC is not another *nog; its goal is to bring together responsible network operators with a focus purely on the security incidents and implications of running a network connected to the modern Internet.

ASN-SEC is not a community for lurkers who wish to "learn more about security."

ASN-SEC will use a simple trust/peering relationship. This model is not as "secure" as an encrypted conversation, yet it is better than a wide-open public dialog. All applications must be accompanied by at least two existing members (not from the applicant's organisation) who will vouch for the new applicant. We will establish the trust by asking members of the list to vouch for new subscriber requests. If the list administrators know the person, then they can vouch for them.

A maximum of 2 representatives per ASN will be permitted, and we will permit representatives to cover multiple ASNs if they are indeed responsible for the operational security within each.

Yes, we have had similar "security" lists in the past. What we are trying with this one is to have it connected with face-to-face meetings at various operations conferences. These meetings will initially be entitled "ISP Security BOF", and held at NANOG. Like NANOG's Peering BOF, the ISP Security BOF is a facilitation tool; it brings together people living with the daily pain of NSP/ISP security incidents. The hope is that the combination of face-to-face meetings and a private e-mail list will help the community better handle Internet security events.

No information presented in this list is allowed to be forwarded or shared outside the ASN-SEC community without specific permission from the poster. It is expected that members strictly adhere to this policy to ensure list confidentiality.


If you'd like to be considered for membership, please provide the following information via email to: asn-sec-owner@puck.nether.net

Name:
E-mail:
DayPhone:
24hrPhone:
INOC-DBA Phone:
Company/Employer:
ASNs Responsible for:
JobDesc:
Internet security references (names & emails):
PGP Key Location:

For Job Description - be as detailed and descriptive as possible. After sending the above form via email, go to the section below and issue a "subscription" request via the form.

NEW MEMBERS

When a new member requests membership and provides his/her "bio" (as above), once the moderators decide that the potential member has passed their initial review, that person's bio will be sent to the full list. All applications must be accompanied by at least two existing members who will "vouch" for the new applicant (both of whom must come from outside the same organization). Any existing member will have 48 hours to send reservations about that potential member to the moderators. The moderators promise to review in depth any facts that are raised in regards to any potential new member. The final decision will be left up to moderator discretion based on member input.

RESERVATIONS AND REBUTTAL

Any reservation about an existing member that is sent privately to the -owner list will have all identifying aspects stripped out of the email and forwarded to the potential rejectee for rebuttal. That person will have 72 hours to send a rebuttal before a decision is taken. The moderators of the ASN-SEC list will attempt to take all matters into consideration before rendering a decision.

REMOVAL

A majority of the moderators will be required to remove an existing member or to override a new potential member's candidacy for the list.

ASN-SEC REVETTING

The ASN-SEC Moderators will periodically review the membership and select some members for revetting. This is required to ensure that all members of the list continue to fit the charter characteristics. Both employment and the charter can change over time - this mechanism allows the list to remain true to its charter.

The revetting process occurs in three steps:

1. The member selected for revetting will be asked to update their information, and submit it to the ASN-SEC Administrators.

2. Should the member continue to meet the required characteristics for ASN-SEC membership, the member's information will be sent to the list for revetting.

3. At least two members of the list must re-approve membership. At least one of the approvers must be from a different company than the member who is being revetted. In addition, other members selected for revetting during the same cycle may not approve each other.

Note that not meeting the requirements of each step will result in removal from the ASN-SEC mailing list. Those so removed may reapply through the normal method, although the two-company approval requirements will continue to apply.



ASN-SEC PHYSICAL MEETINGS

The IETF experience demonstrates that the most effective way to build a community on the Internet is through a combination of virtual meetings (e-mail forum) and physical meetings. ASN-SEC follows the same formula, having small meetings and BOFs at the various operations and engineering meetings around the world. Following is a list of the active ASN-SEC meetings and the contacts for the chaperons/facilitators for these meetings.

NANOG Security BOFs (www.nanog.org)
Chaperons/Facilitators: Merike Kaeo - kaeo@merike.com
Barry Raveendran Greene - bgreene@senki.org

RIPE Security BOFs (www.ripe.net)
Coordinator: Hank Nussbacher - hank@mail.iucc.ac.il

APRICOT Security BOFs (www.apricot.net)
Coordinators/Facilitators: Derek Tay - dt@agcx.net
Dylan Greene - dylan@juniper.net

FIRST Technical Colloquia (www.first.org)


Please let the community know if you are interested in coordinating, chaperoning, or facilitating meetings at other forums. Volunteerism in service to the community is welcomed.


ASN-SEC TRAINING LINKS

TEAM CYMRU Templates and Tools

http://www.cymru.com/

The Original Backscattered Traceback and Customer Triggered Remote Triggered Black Hole Techniques

http://www.secsup.org/Tracking/
http://www.secsup.org/CustomerBlackHole/


NANOG ISP Security Seminars and Talks

Tutorial: ISP Security - Real World Techniques I
http://www.nanog.org/mtg-0110/greene.html

Trends in Denial of Service Attack Technology
http://www.nanog.org/mtg-0110/cert.html

Recent Internet Worms: Who Are the Victims, and How Good Are We at Getting the Word Out?
http://www.nanog.org/mtg-0110/moore.html

DoS Attacks in the Real World
http://www.nanog.org/mtg-0110/irc.html

Diversion & Sieving Techniques to Defeat DDoS
http://www.nanog.org/mtg-0110/afek.html

DNS Damage - Measurements at a Root Server
http://www.nanog.org/mtg-0202/evi.html

Protecting the BGP Routes to Top Level DNS Servers
http://www.nanog.org/mtg-0206/bush.html

BGP Security Update
http://www.nanog.org/mtg-0206/barry.html

Industry/Government Infrastructure Vulnerability Assessment: Background and Recommendations
http://www.nanog.org/mtg-0206/avi.html

Tutorial: ISP Security - Real World Techniques II
http://www.nanog.org/mtg-0210/ispsecure.html

A National Strategy to Secure Cyberspace
http://www.nanog.org/mtg-0210/sachs.html

How to 0wn the Internet in Your Spare Time
http://www.nanog.org/mtg-0210/vern.html

ISP Security BOF I
http://www.nanog.org/mtg-0210/securebof.html

The Spread of the Sapphire/Slammer Worm
http://www.nanog.org/mtg-0302/weaver.html

ISP Security BOF II
http://www.nanog.org/mtg-0302/securebof.html

The BGP TTL Security Hack
http://www.nanog.org/mtg-0302/hack.html

Security Considerations for Network Architecture
http://www.nanog.org/mtg-0302/avi.html

Lack of Priority Queuing on Route Processors Considered Harmful
http://www.nanog.org/mtg-0302/gill.html

Interception Technology: The Good, The Bad, and The Ugly!
http://www.nanog.org/mtg-0306/schiller.html

The NIAC Vulnerability Disclosure Framework and What It Might Mean to the ISP Community
http://www.nanog.org/mtg-0306/duncan.html

Inter-Provider Coordination for Real-Time Tracebacks
http://www.nanog.org/mtg-0306/moriarity.html

Tutorial: ISP Security: Deploying and Using Sinkholes
http://www.nanog.org/mtg-0306/sink.html

ISP Security BOF III
http://www.nanog.org/mtg-0306/securitybof.html

S-BGP/soBGP Panel: What Do We Really Need and How Do We Architect a Compromise to Get It?
http://www.nanog.org/mtg-0306/sbgp.html

BGP Vulnerability Testing: Separating Fact from FUD
http://www.nanog.org/mtg-0306/franz.html

BGP Attack Trees - Real World Examples
http://www.nanog.org/mtg-0306/hares.html

NRIC Best Practices for ISP Security
http://www.nanog.org/mtg-0306/callon.html

Botnets
http://www.nanog.org/mtg-0410/kristoff.html

To see the collection of prior postings to the list, visit the asn-sec Archives.

Using asn-sec
To post a message to all the list members, send email to asn-sec@puck.nether.net.

You can subscribe to the list, or change your existing subscription, in the sections below.

Subscribing to asn-sec

Subscribe to asn-sec by filling out the following form. You will be sent email requesting confirmation, to prevent others from gratuitously subscribing you. Once confirmation is received, your request will be held for approval by the list moderator. You will be notified of the moderator's decision by email. This is also a hidden list, which means that the list of members is available only to the list administrator.

    You may enter a privacy password below. This provides only mild security, but should prevent others from messing with your subscription. Do not use a valuable password as it will occasionally be emailed back to you in cleartext.

    If you choose not to enter a password, one will be automatically generated for you, and it will be sent to you once you've confirmed your subscription. You can always request a mail-back of your password when you edit your personal options. Once a month, your password will be emailed to you as a reminder.
asn-sec Subscribers
(The subscribers list is only available to the list administrator.)



asn-sec list run by asn-sec-owner at puck.nether.net

Delivered by Mailman
version 2.2.0