[RSSAC Caucus] Incident Response for ICANN

George Michaelson ggm at algebras.org
Thu Mar 2 22:11:08 UTC 2023


I would appreciate something like an IEPG presentation on this one,
from anyone involved in the incident detection, remediation and
analysis. It might also be a SIDROPS thing, but IEPG feels like a good
fit, or DNS-OARC.

Realising some aspects of the security posture can't be talked about,
this is fundamentally a problem in public utility services, and
against the public utility routing model (BGP) so the role of a ROA,
or other mechanistic defences stands as something I think we (the
community at large) would want a chance to talk about.

I'd be fascinated (for instance) how widely this was "seen" given the
anycast nature of service delivery.

cheers, and commiserations to anyone involved in the problem.

-George

On Fri, Mar 3, 2023 at 5:43 AM Schleckser, Barbara G. (MSFC-IS64) via
rssac-caucus <rssac-caucus at icann.org> wrote:
>
> I hate to hijack this email string, but I have a pressing question. E-Root experienced an exact prefix hijack of prefix 2001:500:a8::/48 and was notified of this by CodeBGP. My SOC/NOC are interested in finding out how ICANN (or other agency) responds to these types of incidents. Since this was not an issue with our server we need to have someone who can reach out to the offending party to correct. Who can I talk to regarding this event?
>
> Barbara Schleckser
> DNS, DHCP, and IP Address Management (DDI) Service Element Manager
> Enterprise Software Services Service Element Manager
> E-Root Service Manager
> Network and Telecommunications Services (NaTS)
> NASA
> 256-624-0178 (Cell)
> Barbara.g.schleckser at nasa.gov
>
>
> -----Original Message-----
> From: rssac-caucus <rssac-caucus-bounces at icann.org> On Behalf Of Paul Hoffman
> Sent: Thursday, March 2, 2023 11:46 AM
> To: Andrew McConachie <andrew.mcconachie at icann.org>
> Cc: RSSAC Caucus <rssac-caucus at icann.org>
> Subject: [EXTERNAL] Re: [RSSAC Caucus] RSSAC002v5: New title for section 3.1
>
> On Mar 1, 2023, at 6:34 AM, Andrew McConachie <andrew.mcconachie at icann.org> wrote:
> > So how about this:
> > 3.1 The time elapsed between publishing and serving
>
> That seems too abbreviated, but might be OK. The best I could come up with is  "The time elapsed between receipt of a new zone and serving", which may be too long.
>
> --Paul Hoffman
>
> _______________________________________________
> rssac-caucus mailing list
> rssac-caucus at icann.org
> https://mm.icann.org/mailman/listinfo/rssac-caucus
>
> _______________________________________________
> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

