Re: The DDOS problem & security BOF: Am i mistaken?
On Oct 14, 2008, at 9:08 AM, Scott Doty wrote:
> First, the good news: so far, the NANOG conference has been very valuable and
Thank you. We worked hard to make it valuable.
Not sure what you mean by "murk spam". That's a term that died years ago. And it really related to people claiming that spam was "in compliance with federal laws". But I think I can guess your intentions from the tone of your email, so let me try and respond.
Well, that's interesting. I see your last NANOG was 9, in February of 1997. So "Welcome back!". We're glad to have you here in person. Things have changed slightly since then. NSP-SEC never existed in 1997. It really came about in the early 2000's where it was developed as a forum for actual operators to share views and thoughts, generally in real time, to help the 'net in general survive disruption, malicious or otherwise. It has really worked pretty well, so if you qualify, I'd encourage you to get involved. See http://puck.nether.net/mailman/listinfo/nsp-security for info.
The NSP-SEC bof at NANOG is not quite the same environment as the NSP-SEC mailing list, but it generally includes the same people, plus others from the operations community who take the effort to attend NANOG, and so are sort of self-selected as being "one of the operators" with an already working amount of clue about the subjects that are being discussed. Additionally, the concept of a "trusted environment" still sorta applies. You may not have realized it, but unlike all other sessions at NANOG, the slides are not published, they are not available online, and the session is not broadcast. So "Confidential" was there to remind folks in the BoF that this was a non-public (for a skewed version of public) presentation.
Having explained that bit of history which gives you a general background, let me deal with some specifics.
I don't think anyone from CERT presented. Perhaps you meant Barry Greene from Juniper's CERT team? Another "vendor"? Well, as you'll see further on, not really. In this context, like everyone else who presented, he was there as an operator, sharing knowledge and experience. But I digress...
While we may disagree on your last claim (and I actually have a few years of experience to help me argue my point), I specifically said there were a) solutions that solved part of the problem (switching to TCP, detecting and blocking cache poisoning attacks) and b) the right solutions like DLV and DNSSEC that will take some time to be deployed. And I then made sure everyone heard me when I said that we need to find an interim solution that can be deployed *now*, until DNSSEC exists in a useful footprint. I ignore *nothing*. If you have another solution that solves the same problems that has running code now, please share it with all of us. Remember, it has to scale, it has to solve all of the problems, and it has to be implementable across a range of levels of clue.
Indeed. Read further.
> Fortunately, said vendor had a table at "beer and gear", so I was able to

> Fortunately -- and again, I am grateful for this -- the ISC was represented
*I* was the "vendor" at the security BOF you took aim at. Except I am not a vendor in this environment. I am an operator. Just like ISC (Vixie) and McPherson (Arbor) and Greene (Juniper) etc. We are there as operators and *none* of us was selling *anything*. We were describing issues that we currently are facing as operators, and solutions we have developed. You're not alone amongst "newcomers" in missing the point, so don't be hard on yourself ;-). In my case, *nothing* was being sold, other than *a* solution, which I am actually *giving* away to networks that matter in solving the problem, and picking up the costs myself. I assume you missed that. And the reason I was doing that with a *proprietary* solution was because the open source solution is *not yet ready* for prime time, mainly because it (they) have not solved the wide implementation challenge. And *we* need to find a solution today while the open source (and best solution) gets rolled out effectively. Paul (also a "vendor" in the same vein, but an operator in the BoF forum) answered the question of whether there was another solution by saying "there is in Bind 9.6" - his product, which was released a couple of weeks ago.
I referred to it in my presentation, as a solution, along with DNSSEC. It's called DLV. Unfortunately, and Paul admits it, there are challenges to widespread adoption. It works, but there is no business case that makes it easy to roll out. And therein lies the challenge. My customers need it today. And if it isn't out there in wide use, *it doesn't solve the problem*. So I am solving that by picking up the tab myself, and being reimbursed by the people I am a vendor to, my customers. And they're happy to pay for it. None of them were at the bof. Well, not strictly true, but not in numbers to matter. But hopefully you get the point. And you now understand that in the BoF we are all working to try and *solve* problems, not sell products. I'm sorry you failed to grok that difference.
Finally, despite your knocking knees, you should have stood up and questioned anything you heard, or misunderstood. Then you would have had a better experience of the bof. As a member of the Program Committee and coincidentally the host of this NANOG, I'm sorry we didn't do a better job. We're trying to get better. I think that this was one of the best NANOGs we've ever had. But I'm biased, especially this time ;-).
As an aside, since you were last at a NANOG, we now have Beer 'n Gear, where Vendors have the opportunity to show off their wares, and in exchange they support and underwrite some of the costs of what is a pretty slick conference. I'm not sure why you believe that the vendor pitching his/her products at Beer 'n Gear is in some way violating the sacred rule against talking about a product. The B&G specifically provides the controlled environment and tradeoff. And *most* operators appreciate it, and make really good use of the opportunity to learn about new products that actually matter in such a useful environment. In one place we get to talk to actual engineers, about their products, together with 500 fellow operators who ask questions we may not even know we should ask.
If you have any other questions about my presentation, or the program, please feel free to ask directly.
Ditto for the response. But I have to assume you were not the only one who may have missed key points. Thanks for coming back. Hopefully we'll see you in the Dominican Republic next January.