Personally, I would absolutely, positively, never ever under any circumstances provide access to a 3rd party company to push a FlowSpec rule or trigger RTBH on my networks. No way. You would be handing over a nuclear trigger and saying "Please break me at my earliest inconvenience."
On Tue, Feb 2, 2021 at 5:56 AM Douglas Fischer <[email protected]> wrote:

> OK, but do you know any company that sells the Flowspec as a service, in the
> way that the Attack Identifications are not made by their equipment, just
> receiving the BGP-FlowSpec and applying those rules on that equipment... And
> even then give back to the customer some way to access those statistics?
>
> I just know one or two that do that, and (sadly) they do it on fancy web
> reports or PDFs.
> Without any chance of using that as structured data to feed back the
> anomaly detection tools to determine if it is already time to remove
> that Flowspec rule.
>
> What I'm looking for is something like:
> A) XML/JSON/CSV files streamed to my equipment from the Flowspec Upstream
> Equipment saying "Happened that, that, and that." Almost in real time.
> B) NetFlow/IPFIX/SFlow streamed to my equipment from the Upstream
> Equipment, restricted to the DST-Address that matches the IP blocks that
> were involved in the Flowspec or RTBH that I Announced to them.
> C) Any other idea that does the job of giving me the visibility of what is
> happening with FlowSpec rules, or RTBH on their network.
>
>
>
> On Mon, Feb 1, 2021 at 10:07 PM, Dobbins, Roland <
> [email protected]> wrote:
>
>>
>>
>> On Feb 2, 2021, at 00:34, Douglas Fischer <[email protected]>
>> wrote:
>>
>>
>> Or even know if already there is a solution to that and I'm trying to
>> invent the wheel.
>>
>>
>> Many flow telemetry export implementations on routers/layer3 switches
>> report both passed & dropped traffic on a continuous basis for DDoS
>> detection/classification/traceback.
>>
>> It's also possible to combine the detection/classification/traceback &
>> flowspec trigger functions.
>>
>> [Full disclosure: I work for a vendor of such systems.]
>>
>> --------------------------------------------
>>
>> Roland Dobbins <[email protected]>
>>
>
>
> --
> Douglas Fernando Fischer
> Control and Automation Engineer
>

