ripe ncc tools

25
TF-CSIRT 42 | 30 May 2014 RIPE NCC Tools Christian Teuschel & Mirjam Kühne

Upload: ripe-ncc

Post on 12-Nov-2014

93 views

Category:

Technology


1 download

DESCRIPTION

Presentation given by Christian Teuschel and Mirjam Kühne at Terena TF-CSIRT 42, in Heraklion, Greece on 30 May 2014

TRANSCRIPT

Page 1: RIPE NCC Tools

TF-CSIRT 42 | 30 May 2014

RIPE NCC Tools

Christian Teuschel & Mirjam Kühne

Page 2: RIPE NCC Tools

C. Teuschel & M. Kühne - TF-CSIRT 42 - 30 May 2014

Overview

• What’s RIPE and the RIPE NCC

• RIPE Database

• RIPEstat

• RIPE Atlas

• RIPE Labs

2

Page 3: RIPE NCC Tools

What’s the RIPE NCC?

Page 4: RIPE NCC Tools

C. Teuschel & M. Kühne - TF-CSIRT 42 - 30 May 2014

RIPE NCC

• Not-for-profit, independent association- Neutral and impartial- Established in 1992 in Amsterdam- Provides open community platform

• 10,000+ members in 76 countries- Bottom-up, industry self regulation

4

Page 5: RIPE NCC Tools

C. Teuschel & M. Kühne - TF-CSIRT 42 - 30 May 2014

The RIPE NCC’s Main Tasks

• Secretariat for RIPE community- Organise meeting, maintain mailing lists, etc.

• One of Five Regional Internet Registries (RIRs)- Europe, Middle East, parts of Central Asia- Distributes IPv4, IPv6, AS Numbers

• RIPE Database (public registry)• Many other activities

- K-root, training, measuring infrastructure, ENUM, information dissemination, outreach…

5

Page 6: RIPE NCC Tools

C. Teuschel & M. Kühne - TF-CSIRT 42 - 30 May 2014

RIPE Community

• Topical Working Groups- Address Policy, Anti-Abuse, Connect, Cooperation,

Database, DNS, IPv6, Measurements, Analysis & Tools, Open-Source, Routing

• Public mailing lists• Two RIPE Meetings per year

- Next Meeting: 6 - 10 November, London, UK

• Open to everybody!

6

Page 7: RIPE NCC Tools

The RIPE Database

Page 8: RIPE NCC Tools

C. Teuschel & M. Kühne - TF-CSIRT 42 - 30 May 2014

RIPE Registry Maintenance

• RIPE Database- IP resource registry- Routing registry

• Data maintenance is joint responsibility of RIPE NCC and resource holders

• Constant development of DB to respond to changing requirements

8

Page 9: RIPE NCC Tools

C. Teuschel & M. Kühne - TF-CSIRT 42 - 30 May 2014

9

• inetnum

• inet6num

• aut-num

• route, route6

!

• domain

• organisation

• person

• role

• maintainer

= IPv4 address range

= IPv6 adress range

= single AS number

= address range announced

by an AS number

= reverse domain range

= info on who holds the set of resources

= contact info for other objects

= group of persons

= protects all other objects

RIPE Database Objects

Page 10: RIPE NCC Tools

C. Teuschel & M. Kühne - TF-CSIRT 42 - 30 May 2014

10

role: Abuse Role Acmenic-hdl: AR789-RIPE admin-c: SB436-RIPEtech-c: JS123-RIPEtech-c: XL451-RIPEabuse-mailbox: [email protected] mnt-by: LIR-MNT

organisation: ORG-BB2-RIPEadmin-c: JD1-RIPEtech-c: LA789-RIPEabuse-c: AR789-RIPE mnt-by: LIR-MNT

inetnum: 85.11.184.0/21netname: NL-EXAMPLEstatus: ALLOCATED PAorg: ORG-BB2-RIPE mnt-by: RIPE-NCC-HM-MNTmnt-lower: LIR-MNTadmin-c: LA789-RIPEtech-c: LA789-RIPE

The role object contains the contact email (abuse-mailbox)

The orgnisation object contains a pointer to the abuse contact (a role object)

The IP addresses point to the organisation object

Abuse Contact Information

Page 11: RIPE NCC Tools

RIPEstat

Page 12: RIPE NCC Tools

C. Teuschel & M. Kühne - TF-CSIRT 42 - 30 May 2014

RIPEstat

• Toolbox- All data in one place- Routing, IP, geoloc, BLs,- etc.- Graphical interface- Nearly 40 widgets and growing

• Updates on RIPE Labs- User feedback important!

• https://stat.ripe.net

12

Page 13: RIPE NCC Tools

C. Teuschel & M. Kühne - TF-CSIRT 42 - 30 May 2014

Data in RIPEstat

• Data- Routing data

• Collected by RIS: http://ris.ripe.net- Registration data (whois)

• RIPE Database and other RIR databases

• RIR Stats (resource-holder-country mapping)- MaxMind’s geolocation data- Blacklist data- RIPE Atlas data- And much more: https://stat.ripe.net/data-sources

13

Page 14: RIPE NCC Tools

Christian Teuschel - RIPE68 - 12 May 2014

Using RIPEstatAPIs to RIPEstat

• RIPEstat Web http://stat.ripe.net!

• RIPEstat Widget API!

!

!

• RIPEstat Data API / RIPEstat Text API• https://stat.ripe.net/data/routing-status/data.json?

resource=…

14

iOS mobile App !

https://stat.ripe.net/mobile

Page 15: RIPE NCC Tools

RIPE Atlas

Page 16: RIPE NCC Tools

C. Teuschel & M. Kühne - TF-CSIRT 42 - 30 May 2014

RIPE Atlas - Active Measurements Network

• Next generation Internet measurements network- Thousands of measurement nodes- Probes run different measurements

• Ping, traceroute, SSL, DNS

• Instead of building small, individual, private infrastructures, build a HUGE common infrastructure that serves both private and community goals

• https://atlas.ripe.net

16

Page 17: RIPE NCC Tools

C. Teuschel & M. Kühne - TF-CSIRT 42 - 30 May 2014

RIPE Atlas Status

• 5,800 active probes and 8,000 users worldwide- Increasing number of requests

• 58 RIPE Atlas anchors - Collecting data as enhanced RIPE Atlas probes- Acting as targets for regional measurements- Vantage point for new DNSMON service

17

Page 18: RIPE NCC Tools

C. Teuschel & M. Kühne - TF-CSIRT 42 - 30 May 2014

RIPE Atlas Use Cases (on RIPE Labs)

• Effects storm Sandy had on parts of Internet!

!

• Selective Blackholing- DDoS damage control

!

• Find most popular instances of DNS anycast servers

18

Page 19: RIPE NCC Tools

RIPE Labs

Page 20: RIPE NCC Tools

C. Teuschel & M. Kühne - TF-CSIRT 42 - 30 May 2014

What is RIPE Labs?

• It’s a website - but more importantly, it is a platform and a tool for the community

• You can:- Test and evaluate new tools and prototypes- Contribute new ideas and research results- Provide feedback and discuss with others

• https://labs.ripe.net

20

RIPE Labs

Page 21: RIPE NCC Tools

C. Teuschel & M. Kühne - TF-CSIRT 42 - 30 May 2014

RIPE Labs Homepage 21

Statistics Dashboard

RIPE NCC Roadmap

Tag Cloud

List of Articles

Page 22: RIPE NCC Tools

C. Teuschel & M. Kühne - TF-CSIRT 42 - 30 May 2014

Statistics Dashboard

• All stats on one page- IPv4, IPv6, members, routing,

countries, etc.

• Automatically updated• Each graph is tagged

- Easier to navigate

• http://labs.ripe.net/statistics

22

Page 23: RIPE NCC Tools

C. Teuschel & M. Kühne - TF-CSIRT 42 - 30 May 2014

Contact DBs for Abuse Handling

• Draft BCP document - by Aaron Kaplan, Christian Teuschel, Mirjam Kühne, et.al.

• Describes various data sets relevant for CERTs• Describes typical look-ups CERTs perform• Next step: identify gaps and missing data sets• Needs review and feedback• https://github.com/certtools/contactdb

23

Page 24: RIPE NCC Tools

C. Teuschel & M. Kühne - TF-CSIRT 42 - 30 May 2014

Further Information

• RIPEstat- https://stat.ripe.net

• RIPE Atlas- https.://atlas.ripe.net

• RIPE Labs- https://labs.ripe.net/ripestat

• RIPE NCC & RIPE Community- https://www.ripe.net

24

Page 25: RIPE NCC Tools

Questions? Using RIPEstat

C. Teuschel & M. Kühne - TF-CSIRT 42 - 30 May 2014

25