AGENDA - SwiNOG 24 - 10. May 2012, Bern
- 08h15 Registration, Coffee & Gipfeli
- 09h15 Welcome, Agenda
- 09h20 Olivier Honold, e-shelter, High Density - High Efficiency - High Temperature in the Data Center
- 09h45 Tobi Oetiker, Oetiker & Partner, Extopus - The Monitoring Aggregator and other new open source tools
- 10h45 Morning Break
- 11h15 Mark Townsley, Cisco, MAP technical deep dive
- 11h40 Roelof Speekenbrink, Sunrise, Sunrise Ethernet Products - Technical Challenges
- 12h10 Lunch
- 13h30 Stanislav Sinyagin, K-Open, Voice applications and open-source tools
- 13h45 Matt Payne (Vice President, Sales - EMEA Prolexic Technologies), Prolexic Anti-DDoS Solutions
- 14h10 Vesna Manojlovic, RIPE NCC, RIPE policy update / RIPE NCC Measurements
- 14h55 Basile Bluntschli, SwissIX, SwissIX-Update
- 15h10 Afternoon Break
- 15h40 Arien Vijn, AMS-IX, 100G Ethernet - an early expirience report
- 16h10 Roger Wipf, IPv6 Council, IPv6 Council Purpose and Activities
- 16h25 Dr. Serge Droz, SWITCH, Spoofed IP Traffic and DDoS
- 16h40 Sina Herbert/Christoph Weber, IPv6 Security
- 17h10 Marc Ruef, SCIP, Firewall Rule Modelling and Review
- 17h40 Social Event
Registration, Coffee & Gipfeli
Welcome and Agenda
by Pascal Gloor, SwiNOG Organisation
High Density - High Efficiency - High Temperature in the Data Center
by Olivier Honold, e-shelter
e-shelter - High Efficiency Data Center Containment Solutions
Extopus - The Monitoring Aggregator and other new open source tools
by Tobi Oetiker, Oetiker & Partner
Extopus is an aggregating frontend to monitoring systems. Its plug-in architecture provides an easy route to integrating output from a wide array of monitoring systems into a single instance of Extopus.
Integration can range from simple iframe-ing a particular page from another monitoring system to accessing data from another system using rpc calls and displaying the results in a custom presentation plugin inside the Extopus frontend.
Whether you have a small setup with a few hundred or a large one with millions of items, Extopus will provide a user friendly interface to accessing your monitoring data.
MAP technical deep dive
by Mark Townsley, Cisco
MAP stands for Mapping of Address and Port and is a standard for *stateless* NAT to address IPv4 exhaustion, converging initiatives like dIVI, 4RD and other NAT mapping technics.
Sunrise Ethernet Products - Technical Challenges
by Roelof Speekenbrink, Sunrise
Voice applications and open-source tools
by Stanislav Sinyagin, K-Open
Use Case 1: Hotline vPBX. Build or buy?
Use Case 2: Conference Bridge
Use Case 3: fight the roaming costs
Use Case 4: Call center callback
Prolexic Anti-DDoS Solutions
by Matt Payne (Vice President, Sales - EMEA Prolexic Technologies)
Level3 Sponsored Presentation
RIPE policy update / RIPE NCC Measurements
by Vesna Manojlovic, RIPE NCC
by Basile Bluntschli, SwissIX
100G Ethernet - an early expirience report
by Arien Vijn, AMS-IX
IPv6 Council Purpose and Activities
by Roger Wipf, IPv6 Council
Spoofed IP Traffic and DDoS
by Dr. Serge Droz, SWITCH
Today the most powerful denial of service attacks are so called reflector attacks. Bandwidth in the order of several dozens of Bbits/s are easily achieved. To get this working two ingredients are needed:
A vulnerable protocol and the access to systems which allow sending spoofed IP packet.
Mitigation could involve fixing one protocol at a time often at the price of reduce functionality, or the global implementation of spoofing filters. The later is easy, but does not seem to happen.
After an overview of the problem we would like to start a discussion among the participants on why we are failing to implement such filters.
Do you have an idea how this would best be achieved? Maybe someone without spoofing filter want's to speak to?
by Sina Herbert & Christoph Weber
Part 1: IPv6 and DNS Security Problems
- DNS Brute Force
- mDNS within the local network and wireless
- Reverse Lookup Problem
- possible attacks
(- Live Demo)
Part 2: Problems with IPv6 and Routing Security
- Example: OSPFv3 and IPSec
- Important notes to other routing protocols
Firewall Rule Modelling and Review
by Marc Ruef, SCIP
The talk is discussing the basic problem of insecure firewall rulesets. Missing, insecure and inefficient firewall rules decrease the advantages of firewall systems. We're going to present our methodology of modelling rules and analysis of rule attributes to determine potential and existing weaknesses.