Presentation is loading. Please wait.

Presentation is loading. Please wait.

OARC Update Keith Mitchell OARC Programme Manager OARC Workshop Los Angeles 2 nd November 2007.

Published byShanna Henry Modified over 8 years ago

Similar presentations

Presentation on theme: "OARC Update Keith Mitchell OARC Programme Manager OARC Workshop Los Angeles 2 nd November 2007."— Presentation transcript:

1 OARC Update Keith Mitchell OARC Programme Manager OARC Workshop Los Angeles 2 nd November 2007

2 Presentation OARC Overview OARC Governance Update Open Recursive Resolvers Whois Query Data Sharing, Anyone ? DNSCAP 2008 Activity Plan

3 OARC Mission Provide trusted channels for Internet incident reporting and handling Facilitate confidential sharing of DNS operations data Interface with research community for analysis and publication Outreach to vendors, end-users and law enforcement

4 OARC Motivation DNS infrastructure makes everything work as expected DNS outage of any network service provider or large content provider affects everyone using the Internet The DNS is increasingly involved:  as abuse victim  as abuse vector  for abuse detection and mitigation

5 OARC Motivation Increasing incidence of attacks against the DNS DNS increasingly implicated in and compromised by Botnet activity A lot of unwanted traffic on the Internet is a result of DNS misconfiguration  e.g. in-addr queries to RFC1918 addresses New DNS technology challenges  DNSSEC, IDN, ENUM, IPv6

6 OARC Members Afillias AFNIC APNIC Autonomica BFK ChangeIP.com CIRA Cisco CMU CERT Cogent CZ.NIC Damballa DENIC eNom EP.net F-root Georgia Tech Google ICANN II-F Internet Perils ISC ISoc-IL JPRS Microsoft NASA Ames NASK NIC.CL NIC.MX NIDA o NLnet Labs  Nominet UK  NTT  OpenDNS  PIR  Registro.B  RIPE NCC  Shinkuro  SIDN  Team Cymru  NeuStar/uDNS  UMD.edu  VeriSign  Yahoo!  WIDE

7 OARC Member Services DSC Data Gathering Data Analysis  Member-only mailing list  Other closed DNS mailing lists  Encrypted jabber.oarc.isc.org chat server  https://oarc.isc.org portal o shared ticketing system

8 OARC Public Services Twice-yearly open meetings for DNS researchers and operators mailing list http://public.oarci.net website Home for:  “Orphan Projects”  “Flood Refugees”

9 OARC 2007 Activities DITL 2007 Member meeting and open DNS Operators' workshop at Chicago in July  http://public.oarci.net/ dns-operations/workshop-2007 6-person Policy Council elected for first time Revised Participation Agreement approved OARC meeting and DNS researcher workshop in Los Angeles 2 nd /3 rd November

10 OARC Membership Agreement Changes 1. “Participation Agreement” throughout 2. Housekeeping, typos 3. Allows for dormant non-contributing members to be downgraded 4. Mechanism for changes to agreement and making them binding on all members 5. Increase size of Policy Council from 3 to 6 members 6. Revise membership categories

11 OARC Participation Benefits

12 New Participation Levels Category 0, Beneficial Category 1, Normal Category 2, Expanded Category 3, Supporting Category 4, Sustaining Affiliate Associate Contributor Submit & Access data Access data only Submit data only 2 PoCs 3 PoCs 5 PoCs 8 PoCs >8 PoCs 1 PoC

13 OARC Policy Council Elected by members for first time in Jul 07 Provides member governance and budgetary oversight to ensure neutrality and relevance of OARC Monthly meetings Contact by e-mail to:

14 Policy Council Members John Kristoff, UltraDNS Matt Larson, VeriSign (RSAC representative) George Michaelson, APNIC Keith Mitchell, OARC Secretariat (ISC) Gerry Sneeringer, UMD (D root) Andrew Sullivan, Afilias

15 Policy Council Workplan Define bye-laws for Council  e.g. rotation beyond initial 1-year terms  voting tie-break mechanism Review budget for 2008 and set fee levels  fee increase of ~25% in new calendar year likely, details being worked upon Prioritize OARC activities and projects

16 Open Recursive Resolvers ORRs are DNS caching resolvers which will answer queries from anywhere on the Internet Have already been used as amplifier in a number of DDoS attacks (e.g. EDNS0) Various efforts to measure the extent of the problem All suggest it is serious, potentially millions of ORRs out there

17 Open Recursive Resolvers Surveys have been conducted by:  David Dagon (Georgia Tech)  April Lorenzen  John Kristoff (UltraDNS)  Duane Wessels  Rick Wesson (Support Intelligence) ORRs represent a clear and present danger to the infrastructure of all DNS operators, and OARC wants to help tackle this

18 ORR Data Sharing OARC is providing a repository for members and researchers to share open resolver data A number of contributors to date Some visualisations of surveys (“Hilbert Curve” maps) available More data and analysis welcome !

19 ORR Problem Scope Still not completely clear what is main ORR source OS fingerprinting suggests a lot of CPE DSL/cable box embedded resolvers are Internet-facing ORRs by default Other analysis suggests Storm Worm zombie PCs are significant contributors Mis-configured/legacy service resolvers are likely also part of the problem Unclear how ISPs can best tackle fixing their customer base (though BCP38 can help)

20 Whois Query Data Sharing Many registries (TLD, also RIRs) suffer ongoing data-mining attacks against their whois services Most are however required to provide this service It is difficult to differentiate between legitimate and valid query sources Would sharing query source data be helpful ?

21 Whois Query Data Sharing Registries could contribute whois source IP address data to OARC Do analysis to help better characterise how to optimise/protect service Could be correlated with other botnet data to detect abusive query sources

22 DNSCAP – Can Do Things TCPDUMP Won't ! Close/reopen output files on a set schedule Search by DNS message type Select by DNS initiator or responder Listen to multiple interfaces Dump messages in DiG (text) format Select messages using regular expressions

23 DNSCAP Status DNSCAP is available via anoncvs, see http://public.oarci.net/tools/dnscap/ http://public.oarci.net/tools/dnscap/ Delayed the “final release” while the command line syntax evolved and settled It's time to declare that it's finished, and focus on other work (NCAP) These features and ideas being revisited as part of a larger NCAP toolworks

24 OARC 2008 Activities “DITL” in January  please contact me if you'd like to collect and submit data Finalize co-operation agreements with CENTR and APTLD Recruit dedicated engineer Further develop trusted communications platform Develop Domain Statistics Collector s/w Facilitate tackling Open Recursive Resolvers Two more meetings – seeking hosts/sponsors !

25 OARC Further Info Web:https://oarc.isc.org E-mail:keith_mitchell@isc.org Jabber:keith@jabber.oarc.isc.org Phone:+1 650 423 1348 (EST) +44 778 534 6152 Paper: http://public.oarci.net/files/oarc-briefing.pdf Slides: http://public.oarci.net/files/ workshop-2007/Mitchell-OARC-update.pdf

26 Questions ?

Download ppt "OARC Update Keith Mitchell OARC Programme Manager OARC Workshop Los Angeles 2 nd November 2007."

Similar presentations

DITL 2008-2009 George Michaelson APNIC

DITL George Michaelson APNIC
Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.

Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.
Handling Internet Network Abuse Reports at APNIC 21 October 2010 LAP-CNSA Workshop, Melbourne George Kuo.

Handling Internet Network Abuse Reports at APNIC 21 October 2010 LAP-CNSA Workshop, Melbourne George Kuo.
IP Address Management The RIR System & IP policy

IP Address Management The RIR System & IP policy
Introduction to ARIN and the Internet Registry System.

Introduction to ARIN and the Internet Registry System.
UNFCCC secretariat - Mitigation, Data and Analysis Programme Gopal Raj Joshi, Associate Programme Officer Overview and Status of Operation of NAMA Registry.

UNFCCC secretariat - Mitigation, Data and Analysis Programme Gopal Raj Joshi, Associate Programme Officer Overview and Status of Operation of NAMA Registry.
UNFCCC secretariat - Mitigation, Data and Analysis Programme Claudio Forner The NAMA registry Report to SBI 40.

UNFCCC secretariat - Mitigation, Data and Analysis Programme Claudio Forner The NAMA registry Report to SBI 40.
1 ARIN: Mission, Role and Services John Curran ARIN President and CEO.

1 ARIN: Mission, Role and Services John Curran ARIN President and CEO.
Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.

Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.
Policy Proposal 109 Standardize IP Reassignment Registration Requirements ARIN XXV 18 April, 2010 – Toronto, Ontario Chris Grundemann.

Policy Proposal 109 Standardize IP Reassignment Registration Requirements ARIN XXV 18 April, 2010 – Toronto, Ontario Chris Grundemann.
Prepared by The Regional Internet Registries [APNIC, ARIN, LACNIC and RIPE NCC]

Prepared by The Regional Internet Registries [APNIC, ARIN, LACNIC and RIPE NCC]
APNIC Update AfriNIC-14 4-10 June 2011 Sanjaya Services Director, APNIC 1.

APNIC Update AfriNIC June 2011 Sanjaya Services Director, APNIC 1.
ACSP Report – Review of Open Suggestions Nate Davis.

ACSP Report – Review of Open Suggestions Nate Davis.
OARC Status Keith Mitchell OARC Programme Manager Internet Systems Consortium OARC Workshop Seattle, 16 th Nov 2006.

OARC Status Keith Mitchell OARC Programme Manager Internet Systems Consortium OARC Workshop Seattle, 16 th Nov 2006.
Mirjam Kühne 1 RIPE 33, May 1999 Introduction to the RIPE NCC presented by Mirjam Kühne.

Mirjam Kühne 1 RIPE 33, May 1999 Introduction to the RIPE NCC presented by Mirjam Kühne.
Jessica Lavoie CSC 101 November 27, 2012. Societal Topics Weeks 7 and 8 Internet Regulation Internet regulation is restricting or controlling access to.

Jessica Lavoie CSC 101 November 27, Societal Topics Weeks 7 and 8 Internet Regulation Internet regulation is restricting or controlling access to.
Regional Internet Registries Statistics & Activities IETF 55 Atlanta Prepared By APNIC, ARIN, LACNIC, RIPE NCC.

Regional Internet Registries Statistics & Activities IETF 55 Atlanta Prepared By APNIC, ARIN, LACNIC, RIPE NCC.
Mar 3, 2006APNIC 21 Meeting -- Perth, AU1 IANA Status Report David Conrad, ICANN IANA General Manager.

Mar 3, 2006APNIC 21 Meeting -- Perth, AU1 IANA Status Report David Conrad, ICANN IANA General Manager.
Fees and Services John Curran President and CEO. Situation Fee Structure Review Panel completed and discharged – Final Fee Structure Review Report released.

Fees and Services John Curran President and CEO. Situation Fee Structure Review Panel completed and discharged – Final Fee Structure Review Report released.
1 Madison, WI 9 September 2014. 2 ARIN’s Role in the Internet Nate Davis Chief Operating Officer American Registry for Internet Numbers.

1 Madison, WI 9 September ARIN’s Role in the Internet Nate Davis Chief Operating Officer American Registry for Internet Numbers.

Similar presentations

Ads by Google