Coordinating Attack Response at Internet Scale (CARIS) Workshop Report
draft-iab-carisreport-02

Document Type Active Internet-Draft
Last updated 2017-01-05
Replaces draft-moriarty-carisreport
Stream IAB
Intended RFC status Informational
Formats plain text xml pdf html bibtex
Stream IAB state Sent to the RFC Editor
Consensus Boilerplate Yes
RFC Editor Note (None)
RFC Editor RFC Editor state EDIT
Network                                                      K. Moriarty
Internet-Draft                                      Dell EMC Corporation
Intended status: Informational                                   M. Ford
Expires: July 9, 2017                                   Internet Society
                                                        January 05, 2017

 Coordinating Attack Response at Internet Scale (CARIS) Workshop Report
                        draft-iab-carisreport-02

Abstract

   This report documents the discussions and conclusions from the
   Coordinating Attack Response at Internet Scale (CARIS) workshop that
   took place in Berlin, Germany on 18 June 2015.  The purpose of this
   workshop was to improve mutual awareness, understanding, and
   coordination among the diverse participating organizations and their
   representatives.

   Note that this document is a report on the proceedings of the
   workshop.  The views and positions documented in this report are
   those of the workshop participants and do not necessarily reflect IAB
   views and positions.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 9, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents

Moriarty & Ford           Expires July 9, 2017                  [Page 1]
Internet-Draft                    CARIS                     January 2017

   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Sessions and Panel Groups . . . . . . . . . . . . . . . . . .   4
     2.1.  Coordination between CSIRTs and Attack Response
           Mitigation Efforts  . . . . . . . . . . . . . . . . . . .   4
     2.2.  Scaling Response to DDoS and Botnets Effectively and
           Safely  . . . . . . . . . . . . . . . . . . . . . . . . .   7
     2.3.  DNS & RIRs: Attack Response and Mitigation  . . . . . . .   8
     2.4.  Trust Privacy and Data Markings Panel . . . . . . . . . .   9
   3.  Workshop Themes . . . . . . . . . . . . . . . . . . . . . . .  11
   4.  Next Steps  . . . . . . . . . . . . . . . . . . . . . . . . .  11
     4.1.  RIR and DNS Provider Resources  . . . . . . . . . . . . .  11
     4.2.  Education and Guidance  . . . . . . . . . . . . . . . . .  11
     4.3.  Transport Options . . . . . . . . . . . . . . . . . . . .  12
     4.4.  Updated Template for Information Exchange Groups  . . . .  12
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .  12
   6.  Informative References  . . . . . . . . . . . . . . . . . . .  13
   Appendix A.  Acknowledgements . . . . . . . . . . . . . . . . . .  14
   Appendix B.  Workshop Attendees . . . . . . . . . . . . . . . . .  15
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  15

1.  Introduction

   The Internet Architecture Board (IAB) and the Internet Society (ISOC)
   hosted a day-long Coordinating Attack Response at Internet Scale
   (CARIS) workshop on 18 June 2015 in coordination with the Forum for
   Incident Response and Security Teams (FIRST) Conference in Berlin.
   The workshop included members of the FIRST community, attack response
   working group representatives, network and security operators,
   Regional Internet Registry (RIR) representatives, researchers,
   vendors, and representatives from standardisation communities.  Key
   goals of the workshop were to improve mutual awareness,
   understanding, and coordination among the diverse participating
   organizations.  The workshop also aimed to provide the attendees with
Show full document text