NANOG Meeting Presentation Abstract

Tutorial: ISP Security: Deploying and Using Sinkholes
Meeting: NANOG28
Date / Time: 2003-06-02 3:30pm - 5:00pm
Room: Seasons Ballroom
Presenters:
Barry Raveendren Greene, Cisco Systems.
Danny McPherson, Arbor Networks.
Abstract: Sinkholes are a flexible security tool that adds a wealth of new capabilities to an ISP's security toolkit. ISPs are using sinkholes to track infrastructure port scanning, identify and classify attacks, packet capture attack flows, trace attacks through their networks, and divert attack flows from the target of the attacks. Sinkholes also enable a variety of new applications brought about through necessity and growing operational experience. Sinkholes go beyond narrowly focused tools like black hole servers, tarpits, and honeynets. Sinkholes may be used to perform any or all of these functions, but often incorporate all of these and more.

This tutorial will explain how to build a sinkhole, using generalized examples from ISP deployments around the world. Configuration using JUNOS and IOS will be used to demonstrate the various ways trigger routers and target routers in the sinkholes are safely, scalably, and efficiently configured. Architectural considerations relating to network topology and placement of sinkholes in the ISP's network will be covered, along with anycast deployment options. A multitude of tools that can be placed inside the sinkhole will also be discussed. These include a variety of freeware, shareware, home-built, and commercial tools - covering the diversity available to ISPs of any size.

This tutorial is recommended to ISP engineers of all experience levels. The source materials are derived from live operational deployments, which can be modified and applied to any large IP transport network.
Files:
ISP Security: Deploying and Using Sinkholes (YouTube)
ISP Security: Deploying and Using Sinkholes (PDF)
Sponsors: None.

