Franck Simon (France-IX "leading Internet Exchange Point in France" president) on stage of #RIPE76 https://www.franceix.net/

Remember that the last #RIPE meeting in France was 26 years ago... #RIPE76

France-IX has two POPs in Marseille, and a third is under way. #RIPE76

Now, official presentation of the #FrenchTech label at #RIPE76. "It increased the growth of the digital economy in France."

Starting technical: Artyom Gavrichenkov talks about the #memcached amplification attack (1.7 Tb/s, february 2018) at #RIPE76

Many protocols are usable for amplification attacks, such as Quake. Good news: the number of vulnerable servers decrease, as well as the amplification factor. (But new tricks are discovered by the attackers.) #RIPE76

Most protocols used for amplification attacks have a fixed source port. Easy to filter with FlowSpec (RFC 5575, but many operators don't let any client use it). #RIPE76

Some attacks have no fixed source port such as #Wordpress pingback attack.

Now, #memcached It listens over UDP on all interfaces by default (port 11211). Huge mistake! #RIPE76

Exploitation discovered in november 2017. Insert a value, then retrieve it using a spoofed IP address. Amplification factor > 9000

"Web developers won't stop here." They will invent new things to exploit for amplification attacks. #RIPE76

(Hello, Web developers on my timeline.)

NTT : "It is not acceptable [for an operator] to carry dDoS attacks" (about filtering in the network) #NetworkNeutrality #RIPE76

"#CERT are bureaucracies, that just serve to dampen the flow of useful information, so that only bad guys are informed". #cybersecurity being discussed at #RIPE76

"Dropping traffic is bad but rate-limiting is OK" #IANAL #NetworkNeutrality #IETF76 #dDoS

"There is a new CERT appearing every hour. Should we create a new one to coordinate them?" #RIPE76

L'adresse email de Randy Bush est @psg.com Sur ses slides, il a barré "psg" en disant "We are in Marseille, after all" #RIPE76

Routing at large scale (#OSPF good until 500 routers, IS-IS until 1000, they are too chatty, unlike #BGP which reports only *changes*). #RIPE76

Introducing BGP-SPF : #BGP protocol (and peering stuff and son on) with SPF decision of the path. "It is fairly simple" #routing #RIPE76

"In the huge datacenter, every rack is an AS." #RIPE76 #routing

T-shirt of the speaker: "#BGP, awarding PhD theses since 1994" #RIPE76

BCOP Task Force (writing "Best Practices" documents) at #RIPE76

Sara Dickinson on stage on #DNS #privacy recommandations for DNS operators

Server management: important difference between monitoring (real-time, short term, no storage) and logging (long-term, much more dangerous for #privacy). #DNS #RIPE76

Sara insists there is no *technical* mean to validate the #privacy policies "we keep logs only 24 h" #DNS #RIPE76

@bortzmeyer Fanboy spotted.

@DarkCoinCoin I love slides in Comic Sans, and IEEE bashing.

@bortzmeyer root@IEEE:~# apt install ttf-mscorefonts-installer

=> 🚪