[nsp-sec] Question for the team - who would be willing to participate in an "exercise"
Barry Greene
bgreene at senki.org
Sat Oct 28 21:00:34 EDT 2017
Hi Team,
We have “yet another group who is going to fix the DOS” problem by ignoring history and thinking that there is no group doing anything. I was thinking of a demonstration to this group to allow an understanding of what DOS problems do not need their help. One illustration is where we are if we really need to RTBH an IP that is the root of a DOS attack.
The idea is a “virtual” table top exercise. It would be an E-mail that you would respond to with an “ACK.” For example:
———
- SITREP - a reflection attack is hitting several WHO sites used for pandemic management. At this time, there is an emerging situation in Asia with a new strain of flu. We need to get these sites back online. There look to be 6 IPs which are the key C&C/Stressors behind these WHO attacks.
- Ask - Please deploy an RTBH for these 6 sites for one hour, then remove. That would provide enough time to deploy additional capacity. The source ASN for the stressor/C&C may or may not be able to help.
- Ask - Respond with an ACK to the Trust Group when the RTBH is deployed. Respond with an ACK to this Trust Group.
——
We’ll use the test-net IPs for the exercise (just in case someone does not think this is an exercise and deploys an RTBH).
Thoughts?
What I would do is compile a report for everyone. In a way, this would help the “DOS Peering” effort where Don is one of the instigators. The report would show what can be done via E-mail. The DOS Peering would show what could be done with some more preparation and automation.
Barry