| Time | Item | Who | Notes | 
|---|
|  | Summary of RepShield/NERD activity | Václav / Tomáš | https://docs.google.com/presentation/d/1krZgQarDQ23BWZt_EnCbPZZE7BRI6TOPI23kM7ig2sk/edit?usp=sharing->RepShield should allow to search events by category, especially DDoS (for FOD)RepShield should receive NSHaRP events, especially ons regarding DDoS (for FOD)RepShield could differentiate different score values based on different time intervals (e.g. 1hour, 1week, 1month)open questions, especially regarding FOD rule proposal:How could suspect IP address effectively and accurately aggregated to prefixes for FOD rules (depending on the scalability regarding number of FlowSpec Rules in a Router)How could in future further information gained about suspect IP addresses by monitoring their activity with statistics of FOD ALLOW rules feed back to RepShield and its calculated scoreIs RepShield also useful for proposing firewall rules for envisioned SDN/NFV-based FwaaS (as successor of FOD) - maybe based on/being compatible with vendor solutions from, e.g., Corsa, A10, Radware; how would it have to be extended for that (also regarding feedback from FwaaS)In Future: RepShield Distributed, e.g., per NREN, exchanging local reputation score values (to overcome issues of legal/organizational/privacy policies)
 | 
|  | Status of FOD
 |  |  | 
|  | DDoS Detection/Mitigation WG |  | RadWare? POC at CIENA in cooperation with GARR: GARR is still studying this complex product with may functionalities (mainly behaviour analysis based on thresholds)-> In general: complex configuration/customization (thresholds), depending on local set-up
   Fastnetmon testing at GARR: The learning phase of the RadWare POC at GARR is progressing.Issue with fastnetmon is that it has to be configured according to local set-up, e.g. bandwidth of monitored links and other thresholds which normally only a local admin knows about-> Silvia/Nino prepared a draft of a scenario for multi-domain use of fastnetmon in GEANT community where fastnetmon is used at institution side and can signal to upstream for mitigation based on local decision (e.g. via FOD).They will work out that draft in the T6 wiki
   A10+Flowmon DDoS Defender POC at GEANT: FlowMon DDoS Defender module of FlowMon for detection of DDoS attacks works fine.But issues with signalling the A10 box the correct mitigation exists, as currently used script on A10 box for this has to many limitations and restrictive assumptions only valid in regulated, commercial company networksScript will have to expanded with help of A10Also issues with feedback/statistics for NSHaRP about mitigated traffic (especially regarding TCP packets with zero window size)
 Waiting for Deepfield POC at GEANT Also planned POC of CORSA filter box
   DDoS D/M Survey: Tomáš forwarded the survey invitation to responsible person in CESNET. Waiting for answer;Evangelos checked with Mark Johnston (SA1) whether it would be useful to sent invitation to APM list -> YesEvangelos will sent invitation to APM listEvangelos will also send invitation to ddos@lists.geant.org
 | 
|  | Certificate Transparency |  | Task-internal Demo/Presentation (user view of CT): user-stories for CT have been defined in text-formnow actual presentation has to be prepared
 | 
|  | F2F Meeting Planning |  | New Foodle poll for F2F meeting exists, but answer may be hard if place of meeting not know (because of voyage duration)So, first the potential locations have to be found. Candidates currently are:Garching near Munich (LRZ)PragueRome ? (Silvia/Nino have to check)Stockholm ?
 | 
|  | Next Regular T6 VC |  | In 2 weeks: 08.03.2017, 14:15-15:15 CE(S)T |