Relying on RARE for DDoS Attack Protection

Name: Relying on RARE for DDoS Attack Protection
Start: 2023-12-08T14:00:00+01:00
End: 2023-12-08T15:15:00+01:00
Location: No location set

Starts 8 Dec 2023, 14:00

Ends 8 Dec 2023, 15:15

(Timezone - Europe/Berlin)

Virtually Hosted ( https://geant.zoom.us/j/63276787502?pwd=Y2IwUndMckNwdFUzYjFlSVE5M3h2dz09 )

Description

Relying on RARE for DDoS Attack Protection - Demonstrating RARE Integration with GÉANT DDoS Attack Protection Services (FoD and NeMo Use Cases)

Firewall-On-Demand (FoD) is a DDoS mitigation software developed and well-established as a service in GÉANT to enable the NREN NoC admins as users of the service to mitigate DDoS attacks through the GÉANT core towards their connected networks by FlowSpec rules controlled on their own without need to contact the GÉANT NoC.

The NeMo-DDoS software is a powerful tool for Netflow-based DDoS and traffic anomaly detection and analysis. It was originally developed to address NREN-specific network analysis needs and has been enhanced ever since. The software can be obtained and installed locally by GÉANT-associated NRENs to enhance backbone traffic visibility and enable DDoS workflows.

This infoshare will present the efforts of the RARE team on integrating FreeRtr with well-established GÉANT services used for the detection and mitigation of DDoS attacks, i.e. Firewall on Demand (FoD) and NeMo. Specifically, the challenges of integrating these services with FreeRtr will be discussed and brief demonstrations of the whole DDoS protection process will be made.

For more information contact netdev@lists.geant.org.

This event was recorded and is available at https://youtu.be/0rOTo1rh18w

https://geant.zoom.us/j/63276787502?pwd=Y2IwUndMckNwdFUzYjFlSVE5M3h2dz09

Registration

Participants

benjamin lajoie
Bertrand LEMAITRE
Carolina Fernández
Florian LE TOUMELIN
Jarosław Wieczorek
Julien VALIENTE
Karol Beyrowski
Loris PROUTEAU
Ludovic AUXEPAULES
Mingyuan Zang
Miroslav Goldgamer
Pavle Vuletić
Petri Schroderus
Zenon Mousmoulas
+37

- 14:00 → 14:05
  
  Frédéric Loui: Introduction
  
  GN5-1-WP6T1-DDOS-MITIGATION-INFOSHARE-20231208.pdf
- 14:05 → 14:30
  
  David Schmitz: Automated Demonstration of DDoS Mitigation with FoD and Freertr using Docker Compose or Containerlab
  
  After a short introduction of FoD in general, an automated demo-ing of DDoS mitigation with BGP FlowSpec using Firewall-On-Demand (FoD) in a virtual network environment created by freeRTR is presented.
  The virtual network is comprising an attacker host and a victim host which are interconnected with a BGP FlowSpec-capable freeRTR router BGP peering with FoD.
  Two execution alternatives for the same automated FoD mitigation demo are demonstrated, one based on Docker Compose and one based on Containerlab (https://containerlab.dev/).
  
  infoshare-2023-12-08-fod.pdf
- 14:30 → 14:55
  
  Nikos Kostopoulos: Walkthrough of NeMo Integration with RARE for DDoS Attack Detection and Mitigation
  
  We will present our efforts on integrating FreeRtr with DFN NeMo for the detection and mitigation of DDoS attacks. The presentation will briefly discuss basic concepts of NeMo, describe the components of our protection mechanism and explain the most important steps of the FreeRtr integration with NeMo. Our presentation will conclude with a demonstration of the protection system.
  
  rare-nemo-infoshare.pdf
- 14:55 → 15:15
  
  Q&A