S. Bortzmeyer ✅ utilise mastodon.gougere.fr. Vous pouvez læ suivre et interagir si vous possédez un compte quelque part dans le "fediverse". Si ce n’est pas le cas, vous pouvez en créer un ici.

Good morning, Marseille! First day of ripe76.ripe.net/ Everyone who matters in Internet in Europe is here.

S. Bortzmeyer ✅ @bortzmeyer

First time there is at a meeting : twitter.com/ripemeeting/status (engineers now have kids)

I guess that many attendees would like to go back to childhood :-)

· Web · 2 · 0

plenary. Biggest meeting ever (everyone wants to come to France), with 814 registered participants.

Franck Simon (France-IX "leading Internet Exchange Point in France" president) on stage of franceix.net/

Remember that the last meeting in France was 26 years ago...

France-IX has two POPs in Marseille, and a third is under way.

Now, official presentation of the label at . "It increased the growth of the digital economy in France."

Starting technical: Artyom Gavrichenkov talks about the amplification attack (1.7 Tb/s, february 2018) at

Many protocols are usable for amplification attacks, such as Quake. Good news: the number of vulnerable servers decrease, as well as the amplification factor. (But new tricks are discovered by the attackers.)

Most protocols used for amplification attacks have a fixed source port. Easy to filter with FlowSpec (RFC 5575, but many operators don't let any client use it).

Some attacks have no fixed source port such as pingback attack.

Now, It listens over UDP on all interfaces by default (port 11211). Huge mistake!

Exploitation discovered in november 2017. Insert a value, then retrieve it using a spoofed IP address. Amplification factor > 9000

"Web developers won't stop here." They will invent new things to exploit for amplification attacks.

(Hello, Web developers on my timeline.)

NTT : "It is not acceptable [for an operator] to carry dDoS attacks" (about filtering in the network)

" are bureaucracies, that just serve to dampen the flow of useful information, so that only bad guys are informed". being discussed at

"There is a new CERT appearing every hour. Should we create a new one to coordinate them?"

L'adresse email de Randy Bush est @psg.com Sur ses slides, il a barré "psg" en disant "We are in Marseille, after all"

Routing at large scale ( good until 500 routers, IS-IS until 1000, they are too chatty, unlike which reports only *changes*).

Introducing BGP-SPF : protocol (and peering stuff and son on) with SPF decision of the path. "It is fairly simple"

"In the huge datacenter, every rack is an AS."

T-shirt of the speaker: ", awarding PhD theses since 1994"

BCOP Task Force (writing "Best Practices" documents) at

Sara Dickinson on stage on recommandations for DNS operators

Server management: important difference between monitoring (real-time, short term, no storage) and logging (long-term, much more dangerous for ).

Sara insists there is no *technical* mean to validate the policies "we keep logs only 24 h"

@DarkCoinCoin I love slides in Comic Sans, and IEEE bashing.

@bortzmeyer root@IEEE:~# apt install ttf-mscorefonts-installer

=> 🚪