www.internetsociety.org

What do we know about routing resilience and how to make it better? Internet Society

The Challenge

Economic factors– Externalities, information asymmetry, free riding

Technical factors– Technology building blocks

– Common understanding of the problem

– Common understanding of solutions

Social factors

– Collective responsibility

– Collaborative spirit

Global Internet Routing Infrastructure

Our global commons

– We all depend on and benefit from it

Far reaching effects

– Configuration errors, malicious actors

– Example: Indosat event

Interconnectivity and interdependence– “Inward” and “Outward” risks

– Example: 300Gbps attack on Spamhaus

www.internetsociety.org

Routing resilience survey

How “risky” is the global routing system?

How often do incidents happen?– Routing Resilience Measurements Workshop

http://www.internetsociety.org/doc/report-routing-resiliency-measurements-workshop

– Frequency very much depends on the threshold for false positives

What is the impact?– Data are missing, sensitive or not collected at all

– Risk assessment is a guess at best

Is your network affected?

– Detect incidents

– Eliminate false positives

– Assess the impact

Are you adequately protected?

https://www.internetsociety.org/rrs/

Data collection

Network Information– Once, during the initial sign up.– Network type, connectivity, and practices used in mitigating routing security incidents. It should take approximately 10-15 minutes to fill out the registration form.

Data related to routing security incidents via an automated monitoring effort

– On first login a “historical” overview will be presented, listing detected suspicious events over last 6-12 months

– After that once a week newly detected suspicious events are collected and displayed in the portal

– Participants are asked to validate and classify these events Impact: severe, moderate, insignificant, not an incident

Detection: monitoring system, customer call, this alert

Evidence based risk analysis

64500

64500

64500

64500

64500

64500

Evidence based risk analysis

64500

64500

64500

64500

64500

64500

Check and Classify

Confidentiality concerns

We understand the sensitivity of some of the data involved in this effort. Therefore, the Internet Society is committed to ensuring participant-specific information remains confidential.

All data collected is stored on Internet Society servers. Any information or analyses shared beyond a specific network will be fully anonymized.

Some statistics: participation

4 months

24 participants

311 networks

442 events registered

264 events classified

0

5

10

15

20

25

30

35

408/28/11

9/28/11

10/28/11

11/28/11

12/28/11

1/28/12

2/28/12

3/28/12

4/28/12

5/28/12

6/28/12

7/28/12

8/28/12

9/28/12

10/28/12

11/28/12

12/28/12

1/28/13

2/28/13

3/31/13

4/30/13

5/31/13

6/30/13

7/31/13

8/31/13

9/30/13

10/31/13

11/30/13

12/31/13

1/31/14

Unknown

Not an incident

Insignificant

Moderate

Severe

Impact severity

Impact severity (II)

1%3%

6%

42%48% Severe

Moderate

Insignifcant

Unknown

Not an incident

How did you learn about the event?

NMS Alert

Customer Call

RRS Alert

Not an incident

Interested in Participating?

If you decide to participate, please send a request for the creation of your account to rrs-admin@isoc.org.

In the request please indicate – your AS number and – e-mail address for notifications.

You may also include AS numbers of your customers for which you would like to monitor and classify related security incidents.

www.internetsociety.org

Collective responsibility and collaboration for Routing Resilience and Security

Routing Resilience Manifesto

- Principles of addressing issues of routing resilience- Interdependence and reciprocity (including collaboration)

- Commitment to Best Practices

- Encouragement of customers and peers

- Guidelines indicating the most important requirements- BGP Filtering

- Anti-spoofing

- Coordination and collaboration

Anti-spoofing movement

spoofed traffi c

normal traffi c

Networks not allowing IP-spoofing

test ing site

Objectives

•Raise awareness and encourage actions by demonstrating commitment of the growing group of supporters

•Demonstrate industry ability to address complex issues

•Provide guidance

www.internetsociety.org

Please contact us at:

resilience@isoc.org

Interested?