Phil Stanhope <stanhope@gmail.com> wrote: > Inside Baseball what they termed it ... because they'd use IETF meeting or > NANOG meetings to then get to the closest baseball game, have a series of > meetings, etc. ha, I feel that perhaps Ed was an influence here... > Always Chatham House rules. > I know similar groups exist in the DDoS fighters space -- with some overlap > to the DNS operators because of amplification attacks, etc. > Always discussing sensitive matters, so Chatham House rules definitely > apply. > I'm certain that there are those at RIPE now (or previously) who could > provide guidance on how comms were established, etc. I know I was in the > room with folks > who brokered contacts with other key players during the Oct 2016 Dyn attack > as an example. So let's think a bit about what kind of information we'd like in the reports. What are the questions... I think the obvious ones are: 1. how many attacks have occured in Time Period. 2. can we distinguish one attack from another attack? Or do they all seem to meld together into some kind of diurnal wave? 3. what are *IoT* attacks? (I am still not entirely sure I count Mirai as IoT, as I'm still not sure that Home Routers are really IoT as opposed to being Internet Infrastructure. I seem to recall that some 20% of traffic was from PVRs/DVRs though.) 4. I think, but I'm not certain, that a significant number of attacks are still various kinds of amplication attacks, where botnets of *PCs* send forged source address traffic to vulnerable servers in DCs with big-pipes. The NTP and SNMP amplication attacks are still out there, but I don't know how prevalent they are. 5. would more BCP38 on Enterprise links be helpful? I thought that there was an IETF BOF request on making this easier... Hmm. what happened to it?... savnet. https://www.ietf.org/mailman/listinfo/savnet https://datatracker.ietf.org/doc/bofreq-li-sav-for-intra-and-inter-domain-ne... https://datatracker.ietf.org/group/savnet/about/ Ah, it got approved as a WG already :-) Will the BCP38 whack-a-mole ever be done? Once we do whack all those BCP38 issues, what's the next thing on the list? -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | IoT architect [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [