This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/mat-wg@ripe.net/
[mat-wg] New on RIPE Labs: Dealing with the Undercurrent of Unwanted Traffic
- Previous message (by thread): [mat-wg] New on RIPE Labs: Dealing with the Undercurrent of Unwanted Traffic
- Next message (by thread): [mat-wg] Call for presentations MAT WG at RIPE85
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Randy Bush
randy at psg.com
Wed Jul 6 20:59:56 CEST 2022
>> could the author(s) please amplify >> We filter out “scan” traffic, and any other login or access >> attempts are considered “attacks” >> why? what is the difference and how algorithmically do you >> differentiate? > > I suspect there's some known white-hats, eg: shadowserver that use > well identified scanners for purposes that are worthwhile and > valuable, and those are easy to identify. i have suggested a number of times that we coordinate registries of research experiments which could cause anomalies or other bumps in the graph of measurements. e.g. RIS and RV seem obvious data sources with anomalies caused by known experiments. [ an example which does not point fingers at others is the month in 2008 where AS3130 had a BGP topological out-degree of the entire AS set ] a gang of us ran, and are still running, an experiment which is creating a disturbance in the RPKI/ROA force. how do we warn other researchers (and ops) ex post facto? i think it was vern who had a nice paper on the kinds of meta-data we should keep. > Many researchers also put up pages that explain what they are doing, > why and may even include opt-out options. yep. good. but somewhat orthogonal. note that, if one is borrowing RIR resources for an experiment, the RIR(s) ask the researcher(s) to explicitly do this. randy
- Previous message (by thread): [mat-wg] New on RIPE Labs: Dealing with the Undercurrent of Unwanted Traffic
- Next message (by thread): [mat-wg] Call for presentations MAT WG at RIPE85
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ mat-wg Archives ]