Saturday, October 16, 2004
Full Abstract

This intermediate-level tutorial offers attendees a view of some common practices for operating a blackhole service. As security concerns abound in the Internet, operators and providers are constantly exploring methods for protecting their networks and customers. During this intermediate-level tutorial we assume that attendees have basic IGP and BGP networking skills. We then build on this basic knowledge by discussing announcement methods for blackholing traffic across the network. In addition, some options for counting and logging the discarded traffic are discussed. Throughout the tutorial, operational and configuration commands from multiple vendors are used to illustrate the tutorial concepts.

A brief outline of the material follows:

  1. Assumptions
  2. Discard options
    • Static route to null
    • Discard interface
  3. Mapping addresses to blackhole services
    • BGP advertisements
    • Communities
    • Multihop options
    • Altering next hop
  4. Injecting routes
    • Dedicated server
    • Accepting routes from customers
    • Accepting routes from peers
  5. Accounting and Counting Options
    • Filters
    • ACLs
    • Counters
    • Syslog
    • Logging
  6. Who to discard?
    • Attacks from customers
    • Attacks to customers
    • Unallocated address space (bogons?)
    • Attacks from peers

Speakers
Wayne Gustavus, Verizon
Wayne Gustavus is a member of the IP Operations Support team for Verizon Internet Services. He is a Cisco Certified Internetwork Expert and has over 10 years' experience in the networking industry. His current responsibilities at Verizon include supporting the national, multi-vendor router network that provides IP services for consumer and business customers. Wayne is a member of the NSP-SEC community and is active in Verizon's security operations, including the Inter-NOC Dial-By-ASN (INOC-DBA) network, anti-DDoS efforts, and blackhole routing infrastructure.

Joe Soricelli, Juniper
Joseph M. Soricelli is a Professional Services Engineer at Juniper. He is a Juniper Networks Certified Internet Engineer, a Juniper Networks Authorized Instructor, and a Cisco Certified Internet Expert. He is the author of Juniper Networks Certified Internet Associate Study Guide and Juniper Networks Certified Internet Specialist Study Guide. In addition to writing numerous training courses, he has worked with and trained carriers, telcos, and ISPs throughout his career in the networking industry.

Full Abstract

This tutorial introduces service providers to some of the features available in BGP to aid multihoming to the Internet. After an explanation of multihoming and the principles being followed in this tutorial, several examples involving different scenarios will be given. This includes the options available when multihoming to the same ISP (including RFC2270) and to different upstreams. Configurations for modifying inbound and outbound traffic flows are covered. The tutorial concludes with a case study and an examination of the use of BGP communities by several ISPs.

Speakers
Philip Smith, Cisco Systems
Philip Smith joined Cisco Systems in January 1998. He is a member of the Service Provider Architectures Group of Consulting Engineering, within Corporate Development. His role includes working with many ISPs in the Asia-Pacific region and the rest of the world, specifically in network strategies, design, technology, and operations, as well as helping with network configuration and scaling. Other areas of interest also include Internet routing, Internet protocols, IPv6, and encouraging the growth of the Internet around the world. Prior to joining Cisco, he spent five years at PIPEX (now part of UUNET's global ISP business), the UK's first commercial Internet Service Provider. He was one of the first engineers working in the UK Internet, and played a fundamental role in building the modern Internet in the UK and Europe. Philip is co-author of Cisco ISP Essentials, published by Cisco Press. He holds a Doctor of Philosophy and has a First Class Honours Degree in Physics. He lives in Brisbane, Australia.

Sunday, October 17, 2004
Full Abstract

Speakers
Philip Smith, Cisco Systems

Full Abstract

The management and administration of Internet number resources will be examined in this tutorial. Beginning with an overview of the Regional Internet Registry (RIR) system, the structure, characteristics, and services of an RIR will be explored. Current trends in the global structure, such as the Number Resource Organization (NRO), Address Supporting Organization (ASO), and the World Summit on the Information Society (WSIS) will be discussed. Specific ARIN activities such as registration services, policy development, training, and elections will be detailed. Lastly, the current state of the distribution of Internet number resources will be detailed.

Speakers
Richard Jimmerson, ARIN
Ray Plzak, ARIN

Full Abstract

AOL cordially invites all NANOG attendees to a Welcome Reception on Sunday, October 17th, from 5:00 - 7:00 p.m. This event is sponsored by ATDN, AOL's ISP Backbone. It is being held at the Pavilion in the middle of Reston Town Center, just outside the hotel. Please join us for hors d'oeuvres and an open house bar.

Full Abstract

This is an Introductory/Intermediate Tutorial

Speakers
Tim Battles, AT&T
Tim Battles is a part of AT&T Labs. He has been with AT&T since 2000, working in the Operations Center for the AT&T Common Backbone Group directly supporting AT&T Operations for Security Engineering Support. Tim's IP Security Team supports AT&T Broadband, AT&T Voip, AT&T Hosting, AT&T Dial Platform, and AT&T MIS, both domestically and internationally.

Full Abstract

This presentation highlights real IPv6 deployment techniques in service provider networks. After attending this presentation, the listener will be able to test IPv6 deployment techniques in a lab environment and deploy the technology in their networks.

Speakers
Salman Asadullah, Cisco Systems
Salman Asadullah, a Technical Leader at Cisco Systems, has been designing and troubleshooting large-scale IP and multiservice networks for over eight years. He has represented Cisco at industry panel discussions and technical conferences such as Networkers, APRICOT, SANOG, IETF, NAv6TF, APACv6TF, and the IPv6 Forum. He is co-author of an IETF draft, technical articles, and white papers, as well as Cisco CCIE Fundamentals: Network Design & Case Study, and PDIO of the IPT Networks. Salman holds a B.S. in Electrical Engineering from the University of Arizona and an M.S. in Electrical Engineering from Wichita State University in Kansas.

Ciprian Popoviciu, Cisco Systems
Ciprian Popoviciu is a Technical Leader at Cisco Systems, with over seven years of experience designing, testing, and troubleshooting large customer networks. As part of Cisco's Network Solution Integration Test organization, Ciprian designed and tested large IPv6 network deployments in direct collaboration with service providers, evaluated IPv6 features, and worked with test tool vendors to integrate them in their products. He has contributed to white papers and IETF drafts, and has given several invited talks at IPv6 workshops and training programs for network technology professionals. Ciprian holds a B.S. in Physics from Babes-Bolyai University, Romania, and M.S. and Doctorate degrees in Physics from the University of Miami.

Full Abstract

Over the past couple of years, critical vulnerabilities in systems software coupled with malware containing IRC-based clients has led to a rising number of compromised hosts that have become part of one or more 'bot' networks used for spam, DoS attacks, sniffing, and file trading. Network operators have had to become increasingly involved in helping to mitigate bots and botnets. This session uncovers the beginning steps network operators can take to root out and disrupt botnets.

Speakers
John Kristoff, Northwestern University
John Kristoff is a network engineer in the Telecommunications and Network Services division at Northwestern University. He is primarily interested in TCP/IP-based networks and in particular end-to-end issues, switching/routing, multicast, and network security.

Full Abstract

Network operators are accustomed to protecting their own networks from inbound attacks, but the greatest threat today can be detected in outbound traffic. Compromised scripts and unwary customers provide a means of infiltration, and detection is best done by monitoring outbound traffic.

Speakers
Carl Hutzler, America Online
Charles Stiles, AOL Time Warner
Charles Stiles is the Postmaster of America Online, Inc. His responsibilities include the management of day-to-day operations, oversight of the personnel running AOL's anti-spam technologies, and providing up-to-date information on AOL's anti-spam initiative to ISPs, corporations, legislators, the public, and mass media.

Charles began his career with service in the Oklahoma Air National guard as a Cable Communications Engineer. He joined America Online to serve in AOL's Member Services Department in 1996, and became a member of AOL's Network Operations Center staff in 2000. Charles began working on the anti-spam effort in 2002, the year of its inception. During this time his team has initiated real-time responses to current spam attacks and begun taking a proactive stance in preventing future attacks.

Full Abstract

Recent presentations to previous NANOG meetings have shown us some of the historical insights gathered by the experienced crowd at some of the U.S.-based exchanges. We in a way intend to follow up on that topic, by illustrating the more recent developments that the Amsterdam Internet Exchange (AMS-IX) has gone through, in its attempts to address the never-ending demand for bandwidth that AMS-IX, like many others, is facing.

We will discuss and illustrate the various substantial platform changes that this IX went through in the past months, particularly focusing on one indispensable new platform element that was introduced recently: the optical switch. The insertion of optical switches into our main infrastructure has enabled us to migrate our whole platform, including a complete architectural makeover, without ever imposing any substantial downtime on our customers.

Speakers
Romeo Zwart, Amsterdam Internet Exchange
Romeo Zwart joined the Amsterdam Internet Exchange in January 2001 as a member of the AMS-IX technical team, which is in charge of day-to-day operations of the exchange and also responsible for services design and longer-term development of the AMS-IX platform. Before joining AMS-IX, Romeo worked for several years with AT&T and AT&T Wireless, with a focus on IP telephony and 3G wireless architecture. Romeo started his career in the mid-1980s at the Academic Computer Center of Amsterdam, where he became involved operationally in the academic Internet community in the Netherlands.

Monday, October 18, 2004
Full Abstract

All Internet routers contain buffers to hold packets during times of congestion. Today, the size of the buffers is determined by the dynamics of TCP's congestion control algorithm. In particular, the goal is to make sure that when a link is congested, it is busy 100% of the time, which is equivalent to making sure its buffer never goes empty. A widely used rule of thumb states that each link needs a buffer of size B = RTT × C, where RTT is the average round-trip time of a flow passing across the link and C is the data rate of the link. For example, a 10 Gb/s router line card needs approximately 250 ms × 10 Gb/s = 2.5 Gbits of buffering, and the amount of buffering grows linearly with the line rate. Such large buffers are challenging for router manufacturers, who must use large, slow, off-chip DRAMs. And queueing delays can be long, have high variance, and may destabilize the congestion control algorithms.

In this talk we argue that the rule of thumb B = RTT × C is now outdated and incorrect for backbone routers, because of the large number of flows (TCP connections) multiplexed together on a single backbone link. Using theory, simulation, and experiments on a network of real routers, we show that a link with n flows requires no more than B = (RTT × C) / √n, for long-lived or short-lived TCP flows. The consequences for router design are enormous: a 2.5 Gb/s link carrying 10,000 flows could reduce its buffers by 99% with negligible difference in throughput, and a 10 Gb/s link carrying 50,000 flows requires only 10 Mbits of buffering, which can easily be implemented using fast, on-chip SRAM.

We also present recent data on how a live network with real traffic performs with reduced router buffers.

Speakers
Guido Appenzeller, Stanford University
Guido Appenzeller is currently finishing his Ph.D. at Stanford University, where his thesis topic is the sizing of router buffers with Prof. Nick McKeown. Guido is also founder and CTO of Voltage Security, a Palo Alto-based startup pioneering identity-based encryption technology. He was recently named to the MIT Technology Review's prestigious TR100 list of top young innovators.

Full Abstract

Various techniques to protect BGP routing have been proposed. To be deployed, these techniques must be rigorously tested and evaluated. The Deter/Emist routing group is building a routing testbed to create an experimental infrastructure and is developing evaluation methods. In this talk, we describe the testbed architecture and share the experience gained in setting up the testbed.

To create realistic BGP dynamics, we inject live Internet BGP routing traffic into the testbed. We have also developed an integrated statistical and visual anomaly detection engine to analyze and visualize the BGP dynamics. As a first step, we conduct two BGP attack experiments: an origin AS change attack and a differential damping penalty attack. In the damping attack, we discovered a subtle implementation difference between the zebra router and the Cisco router that causes the attack to have different effects on each.

Speakers
Chen-Nee Chuah, University of California, Davis
Kwan-Liu Ma, University of California, Davis
Soon-Tee Teoh, University of California, Davis
Shih-Ming Tseng, University of California, Davis
Felix Wu, University of California, Davis
Ke Zhang, University of California, Davis
Ke Zhang is currently a Ph.D student in the Department of Computer Science at the University of California, Davis. He is a member of the routing group in the Deter/ Emist project. His research interests include inter-domain routing protocols, routing security, and visualization.

Full Abstract

Arbinet

Full Abstract

Security incidents are a daily event for Internet Service Providers. Attacks on an ISP's customers, attacks from an ISP's customers, worms, botnets, and attacks on the ISP's infrastructure are now among the many "security" NOC tickets opened throughout the day. This increase in the volume and intensity of attacks has forced ISPs to spend constrained resources to mitigate the effects of these attacks on their operations and services. This investment has helped minimize the effects of the attacks, but it has not helped stop them at the source. Stopping attacks at their source requires rapid and effective inter-ISP cooperation. Hence, these ISP Security BOFs are also used as a face-to-face sync-up meeting for the NSP-SEC forum (see https://puck.nether.net/mailman/listinfo/nsp-security).

Speakers
Roland Dobbins, Cisco
Merike Kaeo, Double Shot Security
Merike Kaeo is Chief Network Security Architect at Double Shot Security. She is the author of Designing Network Security, published by Cisco Press, which has been published in eight languages and is being used as a curriculum textbook in a variety of network security courses. Merike is a member of the IEEE and was co-chair of the IETF IP Performance Metrics working group from 2000-2003. Prior to founding her own company, Merike was employed by Cisco Systems, Inc., where she worked primarily on technical issues relating to router performance, network routing protocols, network design, and network security.

Merike started her networking and information security career in 1988 at the National Institutes of Health, designing and implementing the original FDDI backbone for the NIH campus using Cisco routers. She received her BSEE from Rutgers University in 1987 and completed her MSEE degree from George Washington University in 1998.

Full Abstract

Speakers
Rich Colella, AOL
Richard Colella began his professional career in networking over 25 years ago in the "ARPANET Era". He's been involved in a variety of endeavors, including seismic data collection and analysis; applied research in protocol testing and development; and building very large data center and wide area networks. Currently Rich is the Director of Architecture and Backbone Networking at AOL. In this role, he oversees the network architecture supporting all AOL products, such as the AOL and Compuserve services, MapQuest, AIM, and ICQ. He also has responsibility for ATDN, a Tier1 ISP that provides service to all AOL products, as well as many other TimeWarner properties, such as TimeWarner Cable, CNN, Time, NewLine Cinema, and Warner Brothers.

Ron da Silva, Time Warner Cable
Ron da Silva is the Director of Broadband Network Technology for Time Warner Cable. He is responsible for network strategy at the Broadband Division, where he is leading the development of its next generation broadband IP network. Prior to joining Time Warner Cable, Ron spent six years as the Principal Network Architect at America Online, Inc. At AOL, he was responsible for designing and scaling the company's data networks. Before AOL, Ron served as a principal engineer for Sprint's internet backbone. Ron began his career in 1992, when he started systems and LAN administration while completing his Bachelor of Science in applied mathematics and English at Old Dominion University (1994). Ron also serves on the Technical Advisory Council for ARIN.

Susan Harris, Merit Network
Susan Harris coordinated NANOG meetings and was Senior Science Writer at Merit Network at the University of Michigan. She was also Merit's Webinator. Susan has been working in IT for 20 years, mostly in telecommunications and network engineering. Before discovering computers she spent her time reading Babylonian contracts and earning a Ph.D. in ancient Near Eastern History at the University of Michigan.

Ray Plzak, ARIN
Ray Plzak is currently the President and CEO of ARIN. Prior to assuming his current position, Ray, as an Assistant Vice President with SAIC, managed the DoD NIC under a contract with the Defense Information Systems Agency. He is a co-chair of the IETF DNS Operation Working Group and co-author/contributor of several IETF technical papers pertaining to the operation of the Internet. Ray is also a member of the ISOC Advisory Committee and ICANN's Root Server System Advisory and DNS Security Advisory Committees.

Full Abstract

Speakers
John Kristoff, Northwestern University

Full Abstract

Unlicensed wireless radios such as 802.11 systems have significantly reduced the cost and technical knowledge needed to deploy wireless networking. The technology is now attractive not only for the office and home user, but also to ISPs for the last mile, to educational institutions and corporations for campus networking, and to the Internet activist working on full neighborhood connectivity. Unfortunately, by their nature, unlicensed wireless networks encounter more interference as more users dive in. This talk will cover some design principles for getting the most from your wireless deployments.

Speakers
Tim Pozar, Late Night Software
Tim Pozar is a communications consulting engineer specializing in microwave engineering for government and commercial applications. He was an early entrepreneur and developer in the Internet startup area, co-founding a number of companies such as TLGnet, San Francisco's first ISP, and Brightmail, the first commercial anti-spam company. Before that, for 25 years, Pozar was a radio broadcast engineer for commercial and non-commercial radio stations.

Pozar is active in community wireless networking. As such he is a co-founder of the Bay Area Wireless User Group. Pozar is also leading an effort called Bay Area Research Wireless Network (BARWN). BARWN studies issues such as scaling and sustainability when deploying wireless high-speed Internet access for urban and rural settings to address digital divide issues. The BARWN network is currently being built out through the San Francisco Bay area and is based on very low-cost unlicensed equipment. Pozar has also published a number of papers covering regulatory issues in the United States and engineering of high speed wireless networks, and is active in the development of wireless regulatory policy.

Full Abstract

ARIN's mission includes fostering a consensus-based, community-driven policy process, and facilitating Internet advancement by providing information and educational outreach. In that spirit, ARIN is looking for more effective ways to channel the expertise and experience of network operators into Internet number resource policy discussions and the development of educational tools to benefit the broader Internet community.

The network operator community is invited and encouraged to offer suggestions as to how these goals can best be accomplished.

Speakers
ARIN staff

Full Abstract

Ratified as an IEEE standard in 2001, 802.1X defines port-based network access control. While it provides a host of benefits to network operators, adoption of 802.1X has been slow, much slower than the rapid deployment experienced by 802.11b.

This presentation highlights 802.1X deployment experiences at a number of institutions, focusing particularly on lessons learned that will (we hope) serve to aid others in deploying this technology.

Additionally, there are a number of obstacles that have yet to be satisfactorily resolved and impede many organizations from deploying 802.1X. These include vendor implementation issues, client compatibility problems, and the rate of change in encryption standards and associated client software support.

Speakers
Terry Simons, University of Utah/open1x.org
Terry Simons is a developer and member of Open1x, an Open Source 802.1X project focusing mainly on Xsupplicant, an 802.1X client for Linux. He is co-author of the University of Utah Wireless white paper and author of the Networld + Interop "Decentralized Scalability with 802.1X" white paper. Terry's university duties include general network maintenance, 802.1X client and authenticator testing and support, and Radius mesh administration.

Jon Snyder, Portland State University
Jon Snyder is the Data Network and Systems Team Leader at Portland State University. In that capacity, he is responsible for PSU's campus network and the Portland Research and Education Network, a consortium that provides Internet2 access in the Portland metropolitan area. He received his B.S. at PSU in 2000.

Full Abstract

This talk will cover the datacenter network architecture for supporting very high bandwidth caching and streaming complexes, as well as strategies for migrating content closer to the end-user.

Speakers
Vijay Gill, AOL Time Warner

Full Abstract

Building and operating a multi-service network has been something many providers have talked about for many years, but not many have succeeded. Learn how you can accomplish this in your company, as well as some strategies for extending the reach of multi-service networks through partners. There is an overview of a typical VoIP infrastructure and how VoIP peering works, as voice is a key driver for implementation of a multi-service network.

Speakers
Dave Siegel, Global Crossing
Dave Siegel has been involved with Internet network engineering since 1992. He has been with Global Crossing since 1998 in various roles, with a primary focus on IP network architecture, design, and implementation. He is presently the Vice President of Network Architecture & Long Range Planning, and has responsibility for planning the network strategy for Global Crossing's transport, voice, and IP service platforms.

Full Abstract

Internet Service Providers often establish contractual peering agreements, in which they agree to forward traffic to each other's customers at no cost. "Consistent route advertisement at all peering points" is a common provision in these agreements, because it gives an AS the flexibility to select egress points for the traffic (e.g., performing "hot potato" routing). Verifying "consistent export" is challenging because route advertisements are exchanged at multiple peering points and may be modified by routing policies.

In this talk, we propose two algorithms to detect inconsistent routes using routing and configuration data from an AS's border routers. The first algorithm requires access to all eBGP routes advertised by a peer. Because this data is often unavailable, we propose another algorithm that detects inconsistencies using readily available data.

We have applied our algorithms to the routes advertised by the peers of AT&T's commercial IP backbone. Although a peer may intentionally send inconsistent advertisements to prevent its neighbor from performing hot-potato routing, we also discuss several configuration scenarios in which a peer may inadvertently advertise inconsistent routes, despite having consistent export policies. Finally, we explain how simple modifications to the routers could make detection of inconsistent advertisements much easier than it is today.

A writeup that explains our algorithms and experience in further detail is available at:

http://nms.lcs.mit.edu/~feamster/papers/bg-imc04.pdf

Speakers
Nick Feamster, MIT
Z. Morley Mao, University of Michigan
Jennifer Rexford, AT&T Research

Full Abstract

This talk presents the Link-Rank tool for monitoring BGP dynamics. Network events such as failures and policy changes cause routes to change, and often result in a ripple effect observed at various places with a large number of BGP updates. "Link-Rank", a Java-based graphical toolset, is designed to help extract routing change dynamics from the multiple gigabytes of BGP log data. Link-Rank weights the links between Autonomous Systems by the number of routing prefixes going through each link and generates Rank-Change graphs that capture the route changes in each time interval. A time series animation presents these rank-change graphs in an easy-to-understand manner. The toolset also provides a feature to combine views from multiple observation points to give a more complete picture of BGP dynamics. Using the Link-Rank toolset, we show how these graphs can be used to understand BGP route change events and narrow down possible locations that originated the changes. We also show how combining views into a single graph can increase the accuracy of event diagnosis and provide useful insight. This work complements existing toolsets such as BGPlay, which focus on routing changes to a single (or small number) of prefixes. By presenting views from multiple vantage points, Link-Rank provides a large-scale picture. This broad view can then be used to identify individual prefixes for further detailed examination by BGPlay to produce better insights.

Speakers
Mohit Lad, UCLA
Mohit Lad is a Ph.D. student in the Computer Science Department at the University of California, Los Angeles. His research interests are routing and fault diagnosis in networks. Mohit's current research focuses on fault characterization in path vector protocols and understanding BGP dynamics.

Dan Massey, Colorado State University
Lixia Zhang, UCLA

Full Abstract

VeriSign operates j.root-servers.net. This server has undergone some interesting changes in the past two years. In November 2002, the server's IP address was changed, and we will present data surrounding the renumbering event. Starting in early 2003, we began anycasting this server. Now, with more than a dozen sites, we will present data surrounding the distribution of queries to the various anycast instances, focusing on geolocation. Finally, the old IP address of j.root-servers.net continues to receive traffic two years after having been renumbered. We will present an analysis of the specific traffic received.

Speakers
Piet Barber, Verisign
Mark Kosters, Verisign
Matt Larson, Verisign
Pete Toscano, Verisign

Full Abstract

This talk provides an update on RPSLng, which enhances the Routing Policy Specification Language with support for IPv6 and multicast. Topics to be covered include a brief overview of the changes in RPSLng (with examples), an update on the RPSLng IETF standards status, and RPSLng implementation status and deployment plans.

Speakers
Larry Blunk, Merit Network
Larry Blunk is a developer and researcher for Merit Network, Inc., where he serves as the project lead for the Routing Assets Database (RADb) service. He initially joined Merit in 1985, and his current areas of interest include routing registries, inter-domain routing security, and IPv6.

Full Abstract

Speakers
Rich Colella, AOL
Ron da Silva, Time Warner Cable
Susan Harris, Merit Network
Ray Plzak, ARIN

Tuesday, October 19, 2004
Full Abstract

In a post 9/11 world, there is great interest in enhancing the ability of telecommunications networks and other critical infrastructures to withstand terrorist attacks. Wherever possible, there is a strong desire to use market mechanisms to drive necessary changes.

Might there be instances where market forces would not motivate necessary change, or might not drive it quickly enough? Is there a role for government in such cases, and if so how might government best intervene, with as little burden or market distortion as possible? What risks might be associated with trigger-happy or ill-advised interventions? Do those risks exceed the risks that might be associated with a failure to intervene when legitimately needed?

Two recent government studies bear on this issue. One is a report from the NIAC, a presidential advisory committee: "Best Practices for Government to Enhance the Security of National Critical Infrastructures". Another is a report by the NTIA (a unit of the Department of Commerce) on IPv6.

Speakers
Scott Marcus, FCC
Scott Marcus is Senior Advisor for Internet Technology for the FCC. He is a member of the FCC's Homeland Security Policy Council, and a participant in the NIAC Working Group "Hardening the Internet". He is also the author of "Evolving Core Capabilities of the Internet", a paper that deals with many of the themes covered in this talk and which will appear shortly in the Journal on Telecommunications and High Technology Law.

Scott is a former BBNer -- prior to joining the FCC in 2001, he was Chief Technology Officer (CTO) at GTE Internetworking (Genuity). He also served as a trustee of ARIN from 2000 to 2002.

Full Abstract

There have been a number of efforts to capture the current state of the routing space and visualize this in some form. The approach taken in this work is to look at the address space, and the use of addresses in routing, to create a discrete "snapshot" of the routing space once per day, and to use this sequence of images as the raw data for a movie file. The presentation looks at the consumption of IPv4 address space and AS numbers since 1983.

BGP Movie (AVI)

Speakers
Geoff Huston, APNIC
George Michaelson, APNIC
Philip Smith, Cisco Systems

Full Abstract

Recently we have observed various types of DNS anomalies, due not only to misconfigurations such as lame delegations but also to malicious DoS attacks on DNS servers. However, discussion of DNS anomalies has mainly focused on DNS root servers and authoritative servers, while DNS cache servers have been hidden inside providers and rarely exposed.

The authors report their experiences with high-load DNS cache servers with regard to worms and misconfigurations. Although providers always provision for such high loads, everybody will be happier if unnecessary DNS queries are avoided. Firstly, the authors describe the heavy load caused by worms and suggest how to avoid the problem. Secondly, the authors present the heavy load caused by an authoritative server which has oversize records. The authors propose modifying BIND as a workaround.
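Before unnecessary queries can be avoided, the cache operator has to find which clients are generating them. The following is an added example (not code from the authors or from JPRS/NTT) that reads BIND-style query-log lines and flags clients whose query rate inside a sliding window looks like a worm rather than a user. The log format, the window length and the per-client limit are assumptions, and the log lines are constructed: 192.0.2.10 behaves like a desktop, 192.0.2.77 like a mass-mailing worm doing bursts of MX lookups.

```python
"""Flag DNS cache clients that generate worm-like query load (added example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed BIND 9 query-log shape:
# "DD-Mon-YYYY HH:MM:SS.mmm client IP#PORT: query: NAME IN TYPE + (SERVER)"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) client "
    r"(?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_line(line):
    """Return a dict for one query-log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S.%f"),
        "client": m.group("client"),
        "qname": m.group("qname").lower().rstrip("."),
        "qtype": m.group("qtype"),
    }


def analyze(lines, window_seconds=60, per_client_limit=10):
    """Return (flagged, top_names).

    flagged maps client -> {"peak": max queries inside any window_seconds span,
    "distinct": number of distinct names it asked for}; only clients whose peak
    exceeds per_client_limit are included. top_names is the three busiest qnames.
    """
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])
    per_client = defaultdict(list)
    names = Counter()
    for e in events:
        per_client[e["client"]].append(e)
        names[e["qname"]] += 1

    flagged = {}
    for client, evs in per_client.items():
        # Sliding window over this client's (time-sorted) queries.
        start, peak = 0, 0
        for end in range(len(evs)):
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > per_client_limit:
            flagged[client] = {
                "peak": peak,
                "distinct": len({e["qname"] for e in evs}),
            }
    return flagged, names.most_common(3)


def constructed_log():
    """Constructed log lines, not a real capture."""
    lines = []
    for i in range(3):  # a user looking up one site a few times
        lines.append(
            f"16-Oct-2004 09:00:{i:02d}.000 client 192.0.2.10#4012: "
            f"query: www.example.com IN A + (192.0.2.53)"
        )
    for i in range(30):  # 30 MX lookups for distinct names within 15 seconds
        lines.append(
            f"16-Oct-2004 09:00:{i // 2:02d}.{(i % 2) * 500:03d} client 192.0.2.77#1025: "
            f"query: host{i}.example.net IN MX + (192.0.2.53)"
        )
    return lines


if __name__ == "__main__":
    flagged, top = analyze(constructed_log())
    for client, info in flagged.items():
        print(f"{client}: peak {info['peak']} queries/window, {info['distinct']} distinct names")
    print("busiest names:", top)
```

The distinct-name count is what separates a worm walking a list of domains from a busy but legitimate client that repeats a handful of names; the threshold is the one a practitioner tunes per cache after looking at normal peaks.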

Speakers
Kazunori Fujiwara, JPRS
Keisuke Ishibashi, NTT Labs
Masahiro Ishino, NTT Communications
Katsuyasu Toyama, NTT Labs
Katsuyasu Toyama is a senior research engineer at NTT Laboratories. He was involved with the establishment of the first Japanese datacenter company, Internet Multifeed Co., in 1997, and there he designed JPNAP's network and services in 2000. Toyama-san's current interests focus on bridging network operations and network research, especially the core technologies of the Internet, such as interdomain routing, name resolution, and security.

Tsuyoshi Toyono, NTT Labs
Chika Yoshimura, NTT Communications
Chika Yoshimura joined NTT Communications Corporation in 2003, immediately after she earned her baccalaureate degree from Keio University in Japan. Her work focuses on operations of the Domain Name System in OCN, which is an ISP in Japan.

Full Abstract

The DNS security protocol, DNSSEC, has been under development for more than a decade and is now emerging from the design and standards (IETF) process. The focus is now on deployment. Multiple groups are now engaged in putting DNSSEC into use. Zones at all levels, from the root down through enterprises, need to be signed, and end systems and resolvers need to evolve to make use of these signatures.

This talk will cover the deployment steps, status, and issues.

Speakers
Rob Austein, Internet Systems Consortium
Rob Austein is a software engineer at the Internet Systems Consortium. Prior to his incarceration at ISC, he also served time at InterNetShare, Inc., Integrated Systems, Inc., Epilogue Technology Corporation, and MIT's Laboratory for Computer Science. After spending a number of years working on everything from mainframes to deeply embedded systems, Rob has at one time or another worked at almost every layer of the protocol stack, but feels most at home somewhere around layer 3. He is, however, probably best known for having wandered aimlessly into the early specification and deployment of the DNS, and, as a result, has spent entirely too much of the intervening time at layer 9. At present, Rob spends 50 weeks out of every year trying to figure out how (and why) the Internet works; the other two weeks of each year are usually devoted to gravitational research in the Tetons.

Steve Crocker, Shinkuro
Dr. Steve Crocker is CEO and co-founder of Shinkuro, Inc., a startup company conducting Internet research and building tools for cooperation and collaboration across the Internet. He is on the board of the Internet Society and chair of ICANN's Security and Stability Advisory Committee.

Suresh Krishnaswamy, SPARTA, Inc.
Suresh Krishnaswamy is a Research Scientist at SPARTA, Inc., and has a background in information security. He holds a Masters degree in Computer Science from the University of Kansas and a Bachelor of Engineering degree from the University of Mumbai, India. He has been working on DNSSEC deployment related issues for almost a year and has spent significant time looking at the operational issues involved in deploying DNSSEC within some environments. Before joining SPARTA, he was a Research Scientist at Network Associates Laboratories (now McAfee Labs), where he participated in the DARPA-funded Active Networks Fault Response project for about two years, contributing to the design and development of various prototype fault-tolerant features in active networks.

Russ Mundy, SPARTA, Inc.
Russ Mundy is a Principal Networking Scientist at SPARTA, Inc., with over 25 years of experience in network security, high-assurance computing systems, and protocol development. In his current position with SPARTA he heads the Network Security Group, whose current and past projects include a DHS-funded project whose goal is facilitating DNSSEC deployment, reference implementations of the DNSSEC and SNMPv3 protocols, and the reference implementation of HAIPE (High Assurance Internet Protocol Encryptor) network management. HAIPE is a government program to provide high assurance, end-to-end encryption at the IP protocol layer. Russ currently serves as a member of the ICANN Committee on Security and Stability for the Internet.

Full Abstract

As national utility infrastructures become intertwined with emerging global data networks, the stability and integrity of the two have become synonymous. This connection, while necessary, leaves network assets vulnerable to the rapidly moving threats of today's Internet, including distributed denial of service attacks, fast moving worms, and routing exploits. This presentation introduces the Internet Motion Sensor (IMS), a globally scoped Internet monitoring system whose goal is to measure, characterize, and track threats.

The IMS architecture is based on three novel components. First, a Distributed Monitoring Infrastructure increases visibility into global threats. Second, a Lightweight Active Responder provides enough interactivity that traffic on the same service can be differentiated independent of application semantics. Third, a Payload Signatures and Caching mechanism avoids recording duplicated payloads, reducing overhead, and assists in identifying new and unique payloads. We explore the benefits of this system in the context of a three-year deployment across multiple dark address blocks ranging in size from /24s to a /8. Data gathered from these deployments is used to demonstrate the ability of the IMS to capture and characterize recent activity, such as that on Sasser and Dabber backdoors.
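The third component is the easiest to show in code. The following is an added example, not IMS code, of a payload cache for a dark-address monitor: each distinct payload is stored once under its hash, sightings are counted per (port, signature) so that different behaviours on the same service stay separable, and the first sighting of a signature is reported as new. The class and field names are this example's own, and all traffic toward the dark block 198.51.100.0/24 is constructed.

```python
"""Payload signature and caching for a dark-address monitor (added example)."""
import hashlib
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    src: str        # sender address
    dst: str        # address inside the monitored dark block
    dport: int      # destination port, i.e. the "service" being probed
    payload: bytes  # application data delivered once the responder answered


class PayloadCache:
    def __init__(self):
        self.payloads = {}               # signature -> payload, stored once
        self.sightings = Counter()       # (dport, signature) -> count
        self.sources = defaultdict(set)  # signature -> distinct senders
        self.raw_bytes = 0               # bytes that would be written without caching

    @staticmethod
    def signature(payload: bytes) -> str:
        # Hash of the whole payload; a truncated hex digest keys the local cache.
        return hashlib.sha256(payload).hexdigest()[:16]

    def record(self, obs: Observation):
        """Record one observation; returns (signature, first_time_seen)."""
        sig = self.signature(obs.payload)
        first = sig not in self.payloads
        if first:
            self.payloads[sig] = obs.payload
        self.sightings[(obs.dport, sig)] += 1
        self.sources[sig].add(obs.src)
        self.raw_bytes += len(obs.payload)
        return sig, first

    def stored_bytes(self) -> int:
        return sum(len(p) for p in self.payloads.values())

    def variants_per_port(self):
        """Distinct payloads per port: separates behaviours sharing one service."""
        out = defaultdict(int)
        for (dport, _sig) in self.sightings:
            out[dport] += 1
        return dict(out)


def constructed_traffic():
    """Constructed observations, not real captures."""
    obs = []
    for i in range(20):  # one widely replicated payload on port 445, from 5 senders
        obs.append(Observation(f"203.0.113.{i % 5 + 1}", f"198.51.100.{i + 1}", 445,
                               b"CONSTRUCTED-PAYLOAD-A" * 8))
    for i in range(3):   # a second, rarer behaviour on the same port
        obs.append(Observation("203.0.113.50", f"198.51.100.{i + 100}", 445,
                               b"CONSTRUCTED-PAYLOAD-B" * 8))
    obs.append(Observation("203.0.113.60", "198.51.100.200", 135,
                           b"CONSTRUCTED-PAYLOAD-C"))
    return obs


def run(observations):
    """Feed observations through the cache; returns (cache, new signatures in order)."""
    cache = PayloadCache()
    new_sigs = []
    for obs in observations:
        sig, first = cache.record(obs)
        if first:
            new_sigs.append((obs.dport, sig))
    return cache, new_sigs


if __name__ == "__main__":
    cache, new_sigs = run(constructed_traffic())
    print("new signatures:", new_sigs)
    print("variants per port:", cache.variants_per_port())
    print(f"stored {cache.stored_bytes()} of {cache.raw_bytes} payload bytes")
```

Keying on the full payload hash means a single changed byte yields a new signature, which is what makes the cache useful for spotting variants; a production monitor would add a size cap and an expiry so that a source sending random payloads cannot fill it.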

Speakers
Michael Bailey, University of Michigan
Tim Battles, AT&T
Evan Cooke, University of Michigan
Danny McPherson, Arbor Networks