French Internet Resilience Observatory



  1. French Internet Resilience Observatory
     François Contat, Guillaume Valadon
     Agence nationale de la sécurité des systèmes d'information - http://www.ssi.gouv.fr/en
     RIPE 67 - October 15th, 2013
     ANSSI - http://www.ssi.gouv.fr/observatoire 1/31

  2. The observatory in a nutshell
     Prior issues:
     • the Internet is misunderstood;
     • network incident analyses are rarely France-oriented;
     • the usage of best current practices is unknown.
     Some of our objectives:
     • study the French Internet in detail;
     • develop technical interactions with the networking community;
     • publish anonymized results;
     • publish recommendations and best practices.

  3. Internet resilience?
     «Resilience is the ability to respond to a major crisis and to quickly restore a normal service.»
     The French White Paper on defence and national security, 2008
     The Internet is often considered as a regular industry. Its resilience is mainly studied through:
     • the dependency on electricity;
     • the location of physical infrastructures.
     The observatory aims to study the Internet resilience from a technical point of view.

  4. Who?
     The observatory is under the supervision of the ANSSI.
     Created on July 7th 2009, the ANSSI is the national authority for the defence and the security of information systems:
     • in French, ANSSI, Agence nationale de la sécurité des systèmes d’information;
     • in English, French Network and Information Security Agency.
     Main missions are:
     • prevention;
     • defence of information systems.
     One of its priorities is the Internet resilience.
     http://www.ssi.gouv.fr/en/

  5. Who else?
     Afnic: the French Registry for the .fr zone as well as overseas territories. http://www.afnic.fr/en/
     Afnic has been co-leading the project since the beginning.
     French network actors: ISPs, IXP, transit providers…

  6. What can be observed?
     Two main possible directions:
     • services (HTTPS usage, mail…);
     • Internet structure (routing, name services).
     Today, the observatory is focusing solely on the Internet structure through BGP and DNS.

  7. How to observe?
     Several technical indicators were defined:
     • 7 indicators for BGP (route objects, hijacks, RPKI…);
     • 5 indicators for DNS (topological distribution, DNSSEC…).
     In the report, each indicator contains:
     1. a description;
     2. a methodology and its limitations;
     3. an analysis.

  8. Border Gateway Protocol

  9. Data and indicators
     RIS project - BGP updates
     • Data: AS origin, prefix, AS_PATH…
     • Indicators: hijacks classification, connectivity, IPv6, BCP…
     RIPE-NCC Whois database
     • Data: route, route6, aut-num…
     • Indicators: hijacks classification, connectivity, IPv6, BCP…

  10. Identifying the French Internet
      Existing databases are not adequate: some ASes are missing.
      Finding French ASes:
      • more than 40,000 ASes in the Internet;
      • automatically identify French ASes using an unsupervised learning algorithm.
      Results:
      • 1270 French ASes;
      • compared to existing public databases (Cymru, RIPE):
        • 9 ASes missing in our database;
        • 40 and 70 more ASes.

  11. Connectivity
      Motivations:
      • are French ASes well connected to each other?
      • are there Single Points Of Failure (SPOF)?
      Methodology:
      • build a representative graph of the French Internet:
        • use AS_PATH seen by the RIS collectors;
        • extract the subgraph of French ASes.
      • identify the critical ASes (SPOF) for the French Internet:
        • highlight ASes whose loss can lead to a loss of connectivity.

  12. Connectivity IPv4
      [Figure: graph of French ASes. Blue: French ASes. Red: ASes whose loss leads to a loss of connectivity.]
      There are few ASes whose loss can significantly impact the French Internet.
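
The connectivity methodology of slides 11 and 12, as an added example that is not code from the presentation or from the observatory. The AS_PATHs, the AS numbers (documentation range) and the set of "French" ASes are constructed, and counting the ASes cut off from the largest remaining component is an assumed way to rank the critical ASes.

```python
from collections import deque

# Constructed sample: AS_PATHs as a route collector could report them.
AS_PATHS = [
    [64496, 64500, 64501, 64502],
    [64496, 64500, 64501, 64503],
    [64496, 64510, 64501, 64504],
    [64496, 64500, 64505],
    [64496, 64510, 64505],
    [64496, 64505, 64505, 64506],  # AS_PATH prepending: repeated hop
]
# Hypothetical labelling of which ASes count as French.
FRENCH_ASES = {64500, 64501, 64502, 64503, 64504, 64505, 64506, 64510}

def build_subgraph(paths, members):
    """Undirected graph of adjacent AS_PATH hops, restricted to members."""
    graph = {asn: set() for asn in members}
    for path in paths:
        for left, right in zip(path, path[1:]):
            if left != right and left in members and right in members:
                graph[left].add(right)
                graph[right].add(left)
    return graph

def component_sizes(graph, removed=None):
    """Sizes of the connected components once `removed` is taken out."""
    seen, sizes = {removed}, []
    for start in graph:
        if start in seen:
            continue
        seen.add(start)
        queue, size = deque([start]), 0
        while queue:
            node = queue.popleft()
            size += 1
            for peer in graph[node] - seen:
                seen.add(peer)
                queue.append(peer)
        sizes.append(size)
    return sizes

def single_points_of_failure(graph):
    """Map each critical AS to the number of ASes its loss cuts off."""
    baseline = len(component_sizes(graph))
    spof = {}
    for asn in graph:
        sizes = component_sizes(graph, removed=asn)
        if len(sizes) > baseline:  # the graph splits without this AS
            spof[asn] = sum(sizes) - max(sizes)
    return spof
```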

  14. Prefix conflicts
      • prefix announcements between ASes: routes are exchanged;
      • both ASes announce the same prefix: hijack?
      • could be anycast, DDoS protection, customer…
      This conflict must be named differently: event.
      [Diagram: BGP topology with AS1, AS2, AS3 and AS4; announcements of 192.0.2.0/24 labelled "192.0.2.0/24 AS4" and "192.0.2.0/24 AS2 AS1".]


  18. How can we classify an announcement as valid?
      Route object example
      In this example, we look for the prefix 192.0.2.0/24 in whois database:
        $ whois -T route 192.0.2.0/24
        route:   192.0.2.0/24
        descr:
        origin:  AS4
        mnt-by:  AS1-MNT
      [Diagram: BGP topology with AS1, AS2, AS3 and AS4; announcements of 192.0.2.0/24 labelled "192.0.2.0/24 AS4" and "192.0.2.0/24 AS2 AS1".]


  20. Classifying events
      • Valid: a route object exists for the AS including the prefix.
      • Connected: one of the ASes provides transit to the other.
      • Abnormal: it might be a prefix hijack.
      After analysis, 7 abnormal events seem to be real hijacks.
      [Chart, built up over four slides: number of events (axis 0 to 3600) by class (valid, connected, abnormal). Segment labels: 100 %; then 29 % and 71 %; finally 23 %, 29 % and 48 %.]
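
The three classes above applied to BGP updates, as an added example that is not code from the presentation or from the observatory. All data is constructed (documentation prefixes and AS numbers); treating the first-seen origin as the incumbent and taking transit relationships from a given set of (provider, customer) pairs are assumptions of this sketch.

```python
import ipaddress

# Constructed sample data.
UPDATES = [  # (time, prefix, AS_PATH); the origin is the last AS of the path
    (1, "192.0.2.0/24", [64497, 64496]),
    (2, "192.0.2.0/24", [64497, 64499]),
    (3, "198.51.100.0/24", [64497, 64500]),
    (4, "198.51.100.0/24", [64497, 64500, 64501]),
    (5, "203.0.113.128/25", [64497, 64502]),
    (6, "203.0.113.128/25", [64498, 64503]),
]
ROUTE_OBJECTS = [  # (route, origin) pairs as read from a whois database
    ("192.0.2.0/24", 64496), ("192.0.2.0/24", 64499),
    ("198.51.100.0/24", 64500), ("203.0.113.0/24", 64502),
]
TRANSIT = {(64500, 64501)}  # (provider, customer), assumed to be known

def find_events(updates):
    """Return (prefix, incumbent, newcomer) for each additional origin."""
    first_origin, events = {}, []
    for _, prefix, path in sorted(updates):
        origin = path[-1]
        incumbent = first_origin.setdefault(prefix, origin)
        event = (prefix, incumbent, origin)
        if origin != incumbent and event not in events:
            events.append(event)
    return events

def has_route_object(prefix, asn, route_objects):
    """True if a route object of `asn` includes the announced prefix."""
    net = ipaddress.ip_network(prefix)
    for route, origin in route_objects:
        covering = ipaddress.ip_network(route)
        if origin == asn and covering.version == net.version \
                and net.subnet_of(covering):
            return True
    return False

def classify(event, route_objects, transit):
    prefix, incumbent, newcomer = event
    if has_route_object(prefix, newcomer, route_objects):
        return "valid"
    if (incumbent, newcomer) in transit or (newcomer, incumbent) in transit:
        return "connected"
    return "abnormal"  # candidate hijack: needs manual analysis

def classify_all(updates, route_objects, transit):
    return {e: classify(e, route_objects, transit) for e in find_events(updates)}
```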

  24. Cross-check routing table and whois database
      Prefix filtering (RIS LINX checked against the Whois database):
      • 4289 French prefixes;
      • prefixes covered: 3629;
      • uncovered prefixes: 660.
      15% of French prefixes could be blackholed.
      Whois consistency (Whois database checked against RIS LINX):
      • 3771 French route objects;
      • matched route objects: 2588;
      • unused route objects: 1183.
      31% of route objects are unused in 2012.
      Prefixes announced with BGP should be covered by route objects; preliminary step to RPKI.
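
The two-way cross-check of slide 24, as an added example that is not code from the presentation or from the observatory. The announcements and route objects are constructed, and "covered" is assumed here to mean that a route object with the same origin includes the announced prefix.

```python
import ipaddress

# Constructed sample data (documentation prefixes and AS numbers).
ANNOUNCED = [  # (prefix, origin AS) as seen in a routing table
    ("192.0.2.0/24", 64496),
    ("198.51.100.0/25", 64500),
    ("198.51.100.128/25", 64500),
    ("203.0.113.0/24", 64503),
]
ROUTE_OBJECTS = [  # (route, origin) as read from a whois database
    ("192.0.2.0/24", 64496),
    ("198.51.100.0/24", 64500),
    ("203.0.113.0/24", 64502),  # origin differs from the announcement
    ("192.0.2.128/25", 64496),  # more specific that is never announced
]

def covers(route_object, announcement):
    """True if the route object has the same origin and includes the prefix."""
    route, ro_origin = route_object
    prefix, origin = announcement
    covering = ipaddress.ip_network(route)
    net = ipaddress.ip_network(prefix)
    return (ro_origin == origin and covering.version == net.version
            and net.subnet_of(covering))

def cross_check(announced, route_objects):
    """Prefix filtering view and whois consistency view of the same data."""
    uncovered = [a for a in announced
                 if not any(covers(ro, a) for ro in route_objects)]
    unused = [ro for ro in route_objects
              if not any(covers(ro, a) for a in announced)]
    return {
        # Filtered out by a peer that builds prefix filters from route objects.
        "uncovered_prefixes": uncovered,
        "uncovered_pct": round(100 * len(uncovered) / len(announced)),
        # Stale entries that still authorise an origin for a prefix.
        "unused_route_objects": unused,
        "unused_pct": round(100 * len(unused) / len(route_objects)),
    }
```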
