Security incidents are a daily event for Internet Service Providers. Attacks on an ISP's customers, attacks from an ISP's customers, worms, botnets, and attacks on the ISP's infrastructure are now among the many "security" NOC tickets throughout the day. This increase in the volume and intensity of attacks has forced ISPs to spend constrained resources to mitigate the effects of these attacks on their operations and services. This investment has helped minimize the effects of the attacks, but it has not helped stop them at the source. Stopping attacks at their source requires rapid and effective inter-ISP cooperation. Hence, these ISP Security BOFs are also used as a face-to-face sync-up meeting for the NSP-SEC forum.
See https://puck.nether.net/mailman/listinfo/nsp-security for additional information.
If you would like to contribute to the BOF, please send email to danny@arbor.net.
AGENDA
---
Probing Open Recursive Name Servers
John Kristoff
Analyzing the results of remote open recursive name server
probes. We look at the effectiveness of different probing
techniques against different sets of data including reflectors
used in recent attacks, other known open recursives and a
large set of DNS server queriers. Some of the who and what
are open will be briefly examined as well as some
unexpected responses to our probes that may invite further
analysis.
---
Infrastructure Security Survey Results
Craig Labovitz
---
Does Web 2.0 = Security 0.0?
Roland Dobbins
'Web 2.0' hosted applications are going mainstream; recent events
have highlighted the fact that not only enterprises, but millions of
small businesses, SOHO users, and individuals who depend upon
these applications are adversely impacted when disruptive network
events occur. However, there has to date been little or no
engagement between the traditional computer security community,
the operational security community, and the developers/providers
of these applications.
What can be done - and what *should* be done, and by whom - to
help integrate 'Web 2.0' application providers into the operational
security community? What role, if any, should nsp-sec play?
---
Email question for discussion from Monika Machado
What tools are used by network operators for event correlation and
aggregation and how effective are these tools for trending, analysis
and reacting to incidents?
---
Open MIC/Discussion