Digital Sovereignty: The probable future of (our) Internet
- Afzal Abdul Rahim
As network operators continue to be disintermediated in what has been accepted as the 'natural' evolution of the global internet, it is perhaps timely to consider the potentially irreversible effects of such changes.
This session seeks to outline the probable pathways of the role of network operators and their eroding influence on the global network they administer.
With 400G, coherent technology was introduced into pluggable optical transceivers (OIF 400ZR and OpenZR+). This technology is complex and powerful for your network; it even influences your network device's operating system.
This talk will provide a first insight into Nokia's implementation as well as known or potential interoperability issues addressed by the OIForum. If your transport system, router or even switch already provides coherent pluggable transceivers, check the available interface parameters.
And finally, new form factors for 800G and 1.6T will be part of the game as well. Stay tuned...
It has been several years since Mirai, malware that infects IoT devices, appeared. Observation data from TSUBAME, an Internet threat monitoring system operated by JPCERT/CC, shows that variants of Mirai and other types of malware have been used since then, making the situation surrounding IoT devices even worse. Receiving incident reports from ISPs and Internet users, JPCERT/CC conducts assessments, investigations, and coordination, and a number of malware-infected routers, security cameras, DVRs, and other devices are identified on a daily basis.
To infect IoT devices with such malware, attackers first compromise them; the commonly used methods are attacking Web-UI authentication that is left at its default settings, or bypassing authentication by exploiting vulnerabilities. After breaking into the targeted device, the attacker injects the malware into it. Through our investigation, we have learned that DDNS services for IoT devices are exploited for malware infection in some cases.
When businesses use IoT devices for security reasons, such as surveillance cameras, they need to remotely monitor and check the status of the devices, and for that purpose a DDNS service is enabled. In such cases, attackers may alter the DDNS service setting and make the devices connect to a server managed by them. Furthermore, we have recently found cases where the domain names designated by manufacturers for their DDNS services are no longer properly managed because the businesses have been discontinued. In such cases, we cannot rule out the possibility that attackers hijack the domains.
In this presentation, I will describe the current situation of Mirai and other recent types of malware infecting IoT devices, sharing actual incident cases. In addition, I will also discuss how we could address the issue of such ever-expanding botnets in the future.
In this presentation I will outline how network operators can proactively minimise the impact of incidents through strategic preparations and swift responses, utilising RIPE Atlas and RIS data.
The first focus is on gearing up before incidents occur, where RIPE Atlas and RIS data play an important role. These tools help operators to analyse network behaviour, identify vulnerabilities, and optimize infrastructure. Through specific use cases and best practices, operators can integrate these resources into their preparations before incidents happen.
The next focus is the importance of taking swift and informed action during incidents. Features and methodologies are introduced for real-time measurement, result display, and data gathering. By leveraging insights from RIPE Atlas and RIS, operators can pinpoint incident occurrences, understand their scope, and initiate immediate actions for debugging or for transparent communication of network performance to customers.
This integrated approach helps strengthen network resilience and also enables operators to maintain optimal performance standards, ensuring robust and responsive network performance even in the face of unforeseen incidents.
Lawful Interception allows Law Enforcement Agencies to legally receive private customer communications from a network operator as an aid to investigating serious crimes. Lawful interception is a legally-mandated obligation for network operators in many countries and failure to comply can result in severe penalties.
In New Zealand, a change in the legal requirements led many network operators to collaborate on funding an open source lawful interception system, which became the OpenLI project. This system is now in regular use in NZ and other countries. OpenLI currently supports IP data and VoIP intercepts.
In 2023 the OpenLI project received an ISIF Asia grant to support LI in the Pacific Islands. The first stage of this grant was to review the requirements for LI in the region. We have found that almost all Pacific Island economies have some legislation enabling the use of LI. Some have recently added a requirement for real-time interception. However, at this stage no island nation has reached the point of enacting regulations and gaining Law Enforcement support for formal LI deployment. A second observation was that mobile network support is critical if OpenLI is ever to be of any use in the Pacific, due to the prevalence of mobile networks compared with fixed-line broadband.
In this case, the most appropriate initial target is support for 4G networks, so the OpenLI project is now adding support for 4G mobile networks to the software. This work includes completing support for intercepting GTP tunnels using all mobile identifiers, as well as adding encoding for SMS and location data. The presentation will show the up-to-date progress at the APRICOT meeting.
We are keen to talk to any interested mobile operators to aid in refining the requirements and testing the software.
We developed an open-source IP blacklist checker tool and researched some statistics using this tool. The presentation describes our basic goals and shows some demos.
Why are we presenting this at APRICOT?
AI/ML is one of today's trending topics. There are some exciting techniques in network infrastructure, but the technology is a patchwork of legacy QoS architecture. To support traffic from one million GPUs, Ultra Ethernet brings new algorithms for traffic management.
The presentation shares some of the legacy QoS technology from the past evolution of infrastructure, such as integrated voice and video. I hope it will help in understanding traffic management when the new Ultra Ethernet architecture arrives.
SCION is a secure, path-aware Internet architecture, designed to achieve high resilience to routing attacks and to offer path selection for Internet users and operators with safety-critical traffic, such as in the financial, healthcare and power sectors. RPKI/ROV is useful for origin validation but does not validate paths, ASPA is still an experimental technology, whilst BGPSEC has yet to be widely deployed and needs explicit router support along a path to achieve the full benefits.
SCION has commercial and open-source implementations and is in production use by the financial services industry in Switzerland and internationally, including Korea, Singapore and the US. This includes the SCION Research & Education Network (SCIERA) with connections to NUS and KISTI.
This talk will discuss the SCION design and architecture, its trust model, and how it can be deployed. It will also discuss the IETF/IRTF work, and the community efforts supported by the SCION Association to encourage further deployment and development.
SRv6 NEXT-C-SID (a.k.a. SRv6 uSID) is an integrated solution that includes service creation, measurement, and analytics. It can deliver any kind of service (VPN, TE, FRR, NFV) end-to-end across the various network segments (Access, Metro, Core, DC, NFV, Cloud, Host) without any shim layer. Hence, the operator no longer needs either MPLS or VxLAN. By removing the shim layers, SRv6 provides better scale, better reliability, lower cost, and seamless deployment in brownfield networks.
The SRv6 solution is fully standardized at the IETF. It has more than 9 RFCs that cover the Architecture, Data Plane, Control Plane, and Operation & Management (OAM) of the solution. It enjoys a very rich ecosystem that includes network vendors, merchant silicon, open source, and operators. All the key network vendors participated in the SRv6 NEXT-C-SID interop testing at EANTC 2023.
In addition to SRv6's benefits in terms of service creation, the native integration of measurement capabilities makes it a unique solution. The Integrated Performance Measurements (IPM) solution delivers the latency, loss, and liveness measurements required for end-to-end assurance. It leverages native HW capabilities to generate and ingest measurement probe packets at a very high rate, eliminating the need for external probing appliances. In addition, the IPM measurements are correlated with the routing information to deliver routing-correlated analytics. This enables new use cases, such as post-mortem and AI-powered analytics.
In this session, we will update the audience about the SRv6 NEXT-C-SID and IPM solution.
It is no surprise that API adoption is growing rapidly in network operators. The reality is that new business innovation and services are powered by APIs. But the rush to innovate is leaving security teams struggling to understand the very real security risks that APIs pose. Today, APIs carry vast amounts of data and are increasingly targets in data breaches.
This talk delves into common API security concerns and the importance of API Discovery. It highlights the key needs for an API security tool to detect API abuses and the importance of having a data lake for threat hunting.
It's been a while since peering LAN security at IXPs was a hot topic in the peering community. BCPs and standards were written that are now widely implemented at IXPs. We analyzed DE-CIX peering LAN traffic and found that a lot more needs to be done to make peering LANs more secure. We'll look at some things that are and aren't working, and we'll suggest some next steps to make peering more secure.
Peering is an essential part of the Internet ecosystem.
But besides the infrastructure that provides connectivity and access, there is an equally important element that keeps it running - the "People Network".
This presentation provides information about the essential role of a Peering Manager. It covers the what, who, why, where, when and how of the Peering Ecosystem, the backend function of good connectivity.
The research study aims to investigate and enhance the resilience, sustainability, and competitiveness of community-driven and operated Internet Exchange Points (IXPs). Commercially-run IXPs tend to have greater access to capital and business development resources and are run to generate profits for their owners.
In contrast, community-run IXPs are generally run on a cost-recovery basis, have limited access to capital and any surplus is typically used to develop the IXP or its associated community further.
AI/ML is needed in all industries, and its applications are expected to continue to expand and network traffic to grow.
This tutorial will share the basic dynamics of AI workloads, InfiniBand, Ethernet fabric features and design, and the purpose of Ultra Ethernet and others.
Why should network engineers learn Git?
Computers are a lot better at remembering things than humans. With good revision control hygiene, you can easily revert configurations to a known working state. You can also review changes before breaking your network.
Git is a popular revision control system used by software engineers and systems people. This presentation highlights some of the ways it can be used effectively by network engineers too.
Aimed at intermediate systems and network engineers tasked with operating DNS authoritative nameservers (and recursive ones as well), this tutorial will introduce participants to DSC, the DNS Statistics Collector.
DSC is a set of tools for collecting and aggregating DNS data collected at or near a DNS nameserver.
We'll first talk a little bit about the demands of modern DNS, and how security improvements such as DNSSEC have placed additional expectations of correctness, synchronization and availability on one's DNS infrastructure.
We'll then proceed to show how to deploy DSC in a virtual environment, covering aspects such as:
We'll also talk about the different ways in which data can be collected for use by DSC, including dnscap and using SPAN (mirror) ports for collecting DNS data at the network level.
We'll continue with examples on producing Grafana dashboards to display and organize the collected data, and how to explore the output.
Along the way, we'll also be mentioning some useful tools and techniques for monitoring availability and response time for nameservers, and the data they serve, and other performance testing tools such as dnsperf.
The days of cleartext communication are over. We live in an age where everything needs to be encrypted. A popular solution is to 'rent' integers from well-known for-profit certification authorities, one year at a time. And then forget to renew your certificates every year.
Anything that is done 'annually' ends up being done 'manually'. Learn how to use short-lived Let's Encrypt certificates to secure your infrastructure ... and add some useful automation because you have to.
This lively tutorial goes into a bit of background about certification authorities but most of the time is spent showing a real-world demo of automated issuing of Let's Encrypt certificates with DNS verification.
Segment Routing is an interesting paradigm shift in routing that allows source nodes to steer a packet along an explicit route using information attached to the packet and without the need for per-path state information to be held at transit nodes.
Such a capability is of particular importance when considering SDN approaches which decouple the control plane and data plane, allowing centralised computation of optimal paths which can then be pushed down to source nodes to achieve desired traffic flow steering.
In this technology tutorial, we cover the following:
This is a BOF for everyone who is using Shadowserver, trying to use it, or unaware of its benefits.
Shadowserver is one of the best tools to help organizations secure their network. The reports are free and backed by two decades of trust in the community.
We will have a short "ops review" session (see below) to help everyone check their Shadowserver access. We'll then get into use cases and a discussion in which everyone shares how they can benefit.
Short Briefing Agenda:
Shadowserver's Public Benefit Mission has not changed! Our mission is to make the Internet more secure by bringing to light vulnerabilities, malicious activity, and emerging threats. We promote a culture of sharing, equip organizations to improve their security, support criminal investigations, help protect victims, and offer free remediation reports.
What would we cover in the session?
We will start with the essential network and domain data to ensure Shadowserver can deliver all the threat intel to your organization.