The Japan Network Operator’s Group held its 45th meeting, JANOG 45, in Sapporo, Hokkaido, from 22 to 24 January. The snowy conditions outside did not deter attendees with over 1,500 people participating in the three-day conference.
Below are some of the highlights of the event.
What is necessary for the spread of DNSSEC?
JPNIC’s Dr Masayuki Okada moderated an informative session looking at the successes and challenges of DNSSEC deployment in Japan.
Panellists from JPCERT/CC, the Internet Initiative Japan Inc. and QTnet, Inc. talked about the security, network and service management issues that have impeded growth locally, and how their organizations are all working to educate and make their communities aware of best current practices to overcome these.
Easier anomaly detection
Mr Akifumi Ishikawa (Cisco Systems G.K.) reported on a new system he has been developing that detects incorrect queries in the DNS. It uses deep learning, trained with the help of 5,000 samples, as well as anecdotal data from Mr Ishikawa’s experience as part of a SOC team.
According to Mr Ishikawa, the following characterizes suspicious FQDN:
- ccTLD, which is rarely accessed from his environment such as .sk .zw
- Domain name that contains many hyphens
- Domain name that includes a trustworthy domain like .jp in the second level
- Domain name that seems to be generated by DGA
Mr Ishikawa says his system also shows mis-detection, to notify users to check for potential incidents that may have been missed through false negatives. Mr Ishikawa was advised that he should try to use Data Augmentation (DA) to balance the data and reduce false positives/negatives.
I learned that collecting, monitoring for and investigating malicious data is difficult and requires a lot of time and experience, something that machine learning can help speed up.
Whois system put in local point for redundancy
In 2019, JPNIC began trialling a new locally-based whois service to improve redundancy. Mr Hiromu Shiozawa (JPNIC) reported on the project, including how attendees can switch to the new service.
Some attendees commented that when using DNS round-robin applications on the client-side, depending on the implementation, it may retain the IP address, therefore they should be careful. Another commented on whether it considered BGP Anycast.
Fun with IP address KARUTA
At the JPNIC booth, we introduced attendees to a new game: IP address KARUTA.
KARUTA is a Japanese traditional card game. When the Game Master reads aloud a card, players need to pick up the paired card laying on the table. The original version of the game uses Japanese Proverbs, but in this version, we made it with IP addresses. For example, the Game Master reads aloud ‘Private address of /8’, and players seek to match the card ‘10.0.0.0/8’.
We made 17 IPv4 pairs (we plan to add IPv6 to the mix in the future) and it turned out to be a great way to educate newcomers and test the skills of the more seasoned attendees.
Adapted from the original post that appeared on the JPNIC Blog.
Koki Nakagawa is a member of the Japan Network Information Center (JPNIC) IP Address Department.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.