Project FENIX
Transcript of Project FENIX
NIX.CZ introduction
• Neutral platform
• 5 data centers in Prague
• 123 connected networks
• 41 international networks
• 360 Gbps peak data flow
• Project FENIX
FENIX
• Reaction to DOS attacks in 3/2013
  4 days long
• Multiple CZ targets
  media, banks, cell phone operators, Seznam.cz (CZ “Google”)
• Source of attacks out of CZ
• Nothing from CZ
• Through upstream and NIX.CZ
• No response source
FENIX
• Club of “trustworthy” companies
• Technical tool “Secure VLAN”
• Czech eyeballs can connect to local content
  home banking, media, email …
• Island mode
  last resort
• Faster than regulations
• High joining criteria
FENIX organization rules
• End user terms and conditions
  spam, attacks
• 24x7 technical conditions
  no IVR
• CSIRT team
  listed by Trusted Introducer, Terena
• Active participation
• Recommendation from 2 members, no veto
FENIX technical rules
• BCP-38/SAC004 – granularity /24 (/48)
• RTBH filtering using RS
• IPv6, DNSSEC
• Full redundancy on NIX.CZ
• Network monitoring (MRTG, NetFlow, ...)
• Control plane policy RFC6192
• DNS, NTP, SNMP amplification protection
• Security incident time <30min
• BGP – TCP MD5
FENIX start
• 6 founding companies – January 2014
  Active 24
  CESNET (NREN)
  CZ.NIC
  Dial Telecom
  Seznam.cz
  Telefonica Czech Republic (incumbent operator)
• NIX.CZ supervisor over rules
Year of FENIX
• 3 new members
• Technical implementation
• RTBH testing
• Brand name announcement
• Micro web site fe.nix.cz
• Island mode test
FENIX at Slovakia
• Take over of SITELiX
• CSIRT.SK discussions
• More info at Peering Day
• www.peeringday.eu