Speaker: Fahad Al Shirawi
Abstract: A look at the status of telecoms deregulation in the Middle East
Title: Status
of Telecoms Deregulation in the Middle East
Speaker: Fahad Al Shirawi
Abstract: A look at the status of telecoms deregulation
in the Middle East
Title: Reflector
Attacks Using DNS Infrastructure
Speaker: Joao Damas
Abstract: Recent DDoS attacks have been unleashed
against networks, disturbing services due to the shear amount of
traffic generated towards the victim. DNS has been named often as
an accomplice in these attacks due to the common server configurations.
This presentation analyses the role of DNS in the attacks and points
at the real source of the problem.
Required reading: BCP38, ftp://ftp.rfc-editor.org/in-notes/bcp/bcp38.txt
Title: DNS
Amplification Attacks
Speaker: Matsuzaki Yoshinobu
Title: Infrastructure
Security Survey Overview
Speaker: Danny McPherson
Abstract: As network operators begin to converge
services onto a single ubiquitous IP infrastructure, a renewed focus
on infrastructure security and services availability has emerged.
This discussion will present the results of a survey conducted earlier this year that explores what threats network operators are facing, the scale and frequency of these threats, as well as the organisational and operational tool sets network operators employ to address these threats.
The desire is that the information provided in this survey, which we intend to conduct on a biannual basis, will assist both network operators and their vendors in obtaining a better understanding of trends in the infrastructure security landscape, what tools and techniques are utilized, and where they should be looking to address emerging threats.
Title: Routing
Security: An Over-simplification
Speaker: Randy Bush
Abstract: What is Routing Security?
To alter traffic
Title: What
I Want for Eid ul-Fitr, An Operational ISP & RIR PKI
Speaker: Randy Bush
Abstract: Our Evil Habits
Title: pmacct:
A New Player in the Network Management Arena
Speaker: Paolo Lucente
Abstract: pmacct is a small set of passive network
monitoring tools to measure, account, classify and aggregate IPv4
and IPv6 traffic; a pluggable and flexible architecture allows to
store the collected traffic data into memory tables or SQL (MySQL,
SQLite, PostgreSQL) databases.
pmacct supports fully customisable historical data breakdown, flow sampling, filtering and tagging, recovery actions, and triggers. Libpcap, sFlow v2/v4/v5 and NetFlow v1/v5/v7/v8/v9 are supported, both unicast and multicast. Also, a client program makes it easy to export data to tools like RRDtool, GNUPlot, Net-SNMP, MRTG, and Cacti.
Title: BGP
Extreme Routing Noise
Speaker: Geoff Huston
Title: IPv6,
What Works, What Doesn't
Speaker: Merike Kaeo
Title: IPv6
Routing Update
Speaker: Gert Doering
Title: Security
Issues in ENUM
Speaker: Gerhard Schröder
Abstract: Numbering on the basis of the ITU-T recommendation
E.164 is very well know in the technical world as well as in the
public world. Everybody who wants to get in contact with another
person by fixed line or mobile phones is doing this, in dialing
the telephone number of this person. This number is dialed with
the digit keypad. There are two advantages with the method. First,
the numbering scheme has the capability to cover all terminals around
the world and second, geographical as well as service information
are coded inside the numbering schema. This gives the user the possibility
to recognise the purpose of the number or the distance between the
caller and the called person. In addition, some services in the
ISDN world are based on the calling party number together with an
information about the confidentially of the number.
Phone calls in the Internet world are based are on the Session Initiation Protocol (SIP). Normally, SIP calls are establish by utilising e-mail addresses. It is obvious, that there is a big difference between the digits oriented addressing in the ISDN world and the string oriented addressing in the SIP world.
The bridge between the both worlds is created with ENUM. On the basis of the well-know DNS server structure, a mapping between the E.164 numbering and the SIP addresses can be used.
However, introducing ENUM raise some security issues which will be discussed in the paper.
Title: IP
Multicast: The Good, the Bad and the Ugly
Speaker: John Lyons
Abstract: Multicast deployment has historically
been very limited, with few networks outside of the research and
education community finding a compelling reason to deploy.
Recently the advent of high bandwidth last mile technologies and the requirement to deliver high quality streams to end users has led to a rapid increase in the number of deployments. Companies are now beginning to rely on multicast to provide critical production services, much of the time with limited experience of the protocols, technology and risks involved.
This talk will focus on the both the positive and negative experiences and lessons learned while deploying multicast in a national research and education network (and research and education institutions), a triple play ISP and a traditional commercial ISP.
Title: Multicast
Video Delivery and Triple Play
Speaker: Marshal Eubanks
Abstract: While global multicast deployment may
seem to be languishing, multicasting is now seen as the best practice
for the delivery of video channels over IP networks. As such, multicast
is seeing rapid deployment in "triple play" scenarios,
where one network is used for voice, data and video. I will provide
details of several recent IP video deployments, which are typically
over closed or virtual private networks to customer's set-top boxes
using PI M-SM.
A common feature of modern triple play deployments is that the video delivery is treated as a "walled garden", with the provider selecting the channels offered and the customer having no means of viewing other channels through their set top boxes. This is of course a business limitation, not a technical limitation, and I will use a statistical analysis of video preference to argue that in the long run the number of channels will be much larger than can be supported in any walled garden, and that it will be better for the industry to develop business and technical standards to allow for the delivery of (and revenue generation from) unlimited numbers of channels from the global Internet.
Title: Proposal for a RIPE "IP Spoofing"
Task Force
Speaker: Daniel Karrenberg
Abstract: Denial of Service (DoS) amplification
attacks are still with us. There are indications that the damage
caused by such attacks is increasing; certainly their visibility
has increased recently. The only way to effectively stop amplification
attacks is to prevent IP source address spoofing. Without spoofing
there is no amplification and no obfuscation of the real source
of DoS attack traffic. RIPE needs to encourage operators to prevent
IP source address spoofing. Hence I propose to establish an "IP
Spoofing" task force.
I have produced a document outlining the motivation for the task force, a proposed charter and a proposed time-line; it also has a reference list that can be used to as a starting point to learn more. You can find this document here.