Tracking stealth portscan/pepsi attacks
Berislav Todorovic BERI at etf.bg.ac.yu
Mon Sep 6 13:19:00 CEST 1999
Dear collagues, The traffic on this list has increased rapidly since we started to discuss various security details. Regrettably, almost no persons from various CERTs are subscribed to this list, while they deal with day-to-day requests for intrusion and attack coordination. Therefore, a security-related RIPE WG might really be needed. Its aims would be to: * enhance incident coordination among ISPs; * ensure exchange of ideas and experiences in network and systems security; * issue security-related recommendations and BCP documents; * establish tighter relatioship between the ISPs and the CERTs. The group should be open to any interested party. The group should also elect a representative who would participate in activities of the CERT and IRT community (meetings, workshops, mailing lists etc.) and/or provide continuous input from various CERTs and IRTs. Few days ago, I received an interesting message from Karel Vietsch, Secretary General of TERENA, related to the subject we're talking about. I'm forwarding it, hoping it would be interesting for wider community (NOTE: the meeting, mentioned in Mr Vietsch's message is closed - only CERT community memebers can participate, but if we find time to create the Security-WG, a representative of the WG can apply to attend it): -------------------------- Begin included message -------------------------- Date: Fri, 03 Sep 1999 22:43:51 +0200 From: Karel Vietsch <vietsch at terena.nl> Subject: European collaboration between CERTs To: Berislav Todorovic <BERI at etf.bg.ac.yu> Cc: B.Gilmore at ed.ac.uk, dyer at terena.nl, demchenko at terena.nl Dear Mr. Todorovic, A colleague drew my attention to your message below. Indeed, almost three years ago Daniel Karrenberg posted a proposal for a SIRCE service to be provided by the RIPE NCC but he could not realise this plan due to lack of financial commitments. Perhaps you are not aware that Daniel's initiative was actually a proposed response to a call for tender for the SIRCE pilot service, organised by TERENA. As mentioned above, the RIPE NCC was not able to put forward a proposal, but some other organisations did, the best proposal was selected and the SIRCE pilot service started in May 1997. It is currently being provided by UKERNA. See the SIRCE Web site <www.sirce.net> for further details on the current pilot service. The pilot will come to an end later this month, and a meeting has been organised to discuss plans for future collaboration between CERTs in Europe, following on from the SIRCE pilot. This meeting will take place in Amsterdam on Friday 24 September 1999, immediately following the next RIPE meeting. See the invitation below. If you are interested in attending this meeting, please let me know. Best regards, Karel Vietsch TERENA Secretary General +++++++++++++++++++++++++++ Dear colleagues, It is my pleasure to invite you to a meeting to discuss the future collaboration of CERTs in Europe. The meeting will be held on Friday 24 September 1999, 11:00 - 15:00 hours, at the TERENA Secretariat in Amsterdam. Background Collaboration and co-ordination between CERTs in Europe has been under discussion at least since 1992. The report of the TERENA Task Force "CERTs in Europe" (1995) led to a pilot ("SIRCE") for a European CERT co-ordination service. This pilot, which started in May 1997 and is currently being provided by UKERNA, will come to an end later this month. In general the responses to the pilot service have been positive, and many have expressed their appreciation for the work done and the experiences gained during the past 2.5 years. Nevertheless, it has become clear that it will not be possible to establish a permanent operational European CERT co-ordination service at the end of the pilot phase. This is mainly because the needs of the various networks in Europe and their CERTs are so different that it is not possible to collect a sufficient critical mass to provide the (substantial) funds that would be needed to fund such a professional permanent service. Still there is a clear need for and willingness of CERTs in Europe to collaborate on issues of common interest. Such collaboration can take the form of exchange of information, limited work provided by one or more CERTs for the entire European CERT community and joint activities of CERTs who are interested in jointly solving a particular common problem. Rather than a model of a centrally provided service, one would then adopt a model of collaborative activities in one or more working groups, task forces and/or small projects. This thought has been put forward by a number of CERTs in the final discussions on SIRCE, and several examples of possible joint activities have been given. Now that the SIRCE pilot is being completed this month, the time seems ripe to discuss these suggestions in more detail and to agree on future activities. Purpose of the meeting The purpose of the meeting on 24 September 1999 is to identify issues that can be addressed, (information) services that can be provided, activities that can be undertaken and problems that can be jointly solved, through collaborative actions of CERTs in Europe. It is the intention to identify for each of these: which CERTs (and possibly other parties) are interested in the issue, how they feel the issue should be addressed and what they can commit (in manpower or other resources) to joint work on the issue. Agreements should then be reached as to when and how to start such work, and how to organize it. We would hope that the meeting will lead to one or more joint working groups, task forces and/or projects that can be started very soon. Who should attend the meeting? The envisaged participants in the meeting will be the (leading) staff members of CERTs in Europe. Many of the current active CERTs in Europe are attached to Research and Education Networks (NRENs), but representatives of other CERTs who are interested in collaboration with the NREN CERTs are most welcome to participate in the meeting. The host Having been instrumental in European CERT collaboration in recent years (e.g. through the TERENA Task Forces and by making the arrangements for the SIRCE pilot), TERENA feels it as its responsibility to facilitate the best possible future collaboration between CERTs in Europe now that the SIRCE pilot is nearing its completion. Hence TERENA , in consultation with the contributors to the SIRCE pilot, has taken the initiative to organize and host the meeting on 24 September to discuss future plans. The meeting will be chaired by Brian Gilmore, member of TERENA's Executive Committee. Meeting preparation An agenda and other documents for the meeting will be sent out during the next two weeks. Obviously it will help people to prepare for the meeting if those who have specific suggestions for collaborative activities of CERTs in the coming years, could briefly describe their ideas and circulate them to the other meeting participants. Please send your suggestions by e-mail to me at <vietsch at terena.nl>. Logistics The address of the TERENA Secretariat is: Singel 468, 1017 AW Amsterdam, The Netherlands. Phone: +31 20 5304488. Please see http://www.terena.nl/info/secretariat/location.html for a description of how to reach our office. The meeting on 24 September is scheduled to follow immediately on a RIPE meeting which will take place in Amsterdam during the preceding days, for the convenience of those who would be interested to attend both meetings. For others it is important to note that with the meeting starting at 11:00 and finishing before 15:00 hours it will be possible for most people in Europe to make this a one-day trip, travelling to Amsterdam early in the morning and back in the late afternoon. In case you will nevertheless need to spend one or more nights in Amsterdam, TERENA's Secretary Ms. Carol de Groot <secretariat at terena.nl> can help you find suitable accommodation. Since hotels in Amsterdam are extremely full, you are urged to make your hotel arrangements (either directly with the hotel or via Carol de Groot) ** as soon as possible **. Finally, in order to help us prepare for the meeting, please let me know as soon as possible whether you will be able to attend the meeting. My e-mail address is: <vietsch at terena.nl>. We will then include you in further mailings and send you the documents for the meeting. I am looking forward to seeing you in Amsterdam on Friday 24 September and I hope that we will have a very fruitful meeting! Best regards, Karel Vietsch TERENA Secretary General PS. : In case not you yourself but one of your colleagues will be the appropriate person to participate in the meeting: please pass on this invitation! ++++++++++++++++++++++++++++++++++++++++++++++ Karel Vietsch TERENA Secretary General Singel 468, 1017 AW Amsterdam, The Netherlands phone: +31 20 5304488 fax: +31 20 5304499 e-mail: <vietsch at terena.nl> WWW: http://www.terena.nl .-------. | --+-- | Berislav Todorovic, B.Sc.E.E. | E-mail: BERI at etf.bg.ac.yu | /|\ Hostmaster of the YU TLD | |-(-+-)-| School of Electrical Engineering | Phone: (+381-11) 3221-419 | \|/ Bulevar Revolucije 73 | 3218-350 | --+-- | 11000 Belgrade SERBIA, YUGOSLAVIA | Fax: (+381-11) 3248-681 `-------' --------------------------------------------------------------------
[ lir-wg Archives ]