Leslie Daigle 0:00 Yeah, let me check my back pocket. Oops, no, not there either. There is no magic solution, and part of the challenge is the fact that there's an open question about who's going to do anything about it. Our typical approaches to security over the last few decades have been, you know, put another band aid on, put another lock, put another moat around yourself. But I mean, I like to say this is a problem that we can't two factor ourselves out of because the people who really need to act are the ones who are running the networks George Michaelson 0:37 you're listening to PING, a podcast by APNIC discussing all things related to measuring the Internet. I'm your host. George Michaelson. I recently caught up with Leslie Daigle again, this time at IETF Bangkok. Leslie is from global cyber Alliance. I spoke to her in January of last year about GCA and their Honeynet, a large system of deliberately insecure, publicly visible hosts on the Internet. GCA operate this to see what kinds of attack traffic are active and where they're coming from. GCA also now supports the MANRS initiative, the mutually assured norms for routing security. We've discussed this on ping with Andre Robchevsky. Leslie has been exploring the data that GCA Honeynet shows. She's been talking about it with the operations community, and finds herself asking questions which nobody seems to have answers for. What are we going to do to manage this bad traffic? It seems it may be moving from a technical question to one about governance of the wider public utility function and how we need to think about the problem. Might now be moving from a technology solution question to social ones. Leslie, welcome back to ping. Leslie Daigle 1:56 Thanks for having me. George Michaelson 1:57 So for people who didn't hear the episode you recorded sometime last year or maybe a little before, can you remind everyone who you are and what you do? Leslie Daigle 2:06 So my name is Leslie Daigle, and I'm the Chief Technical Officer and director of the Internet integrity program at the global cyber Alliance, where we play with a number of technologies and data sources to look at what is going on in the Internet and in terms of security and where are the problems. How can we build community to address them? George Michaelson 2:25 We recently talked with Andre Robchevsky about MANRS. He was at the pulse Internet forum in Malaysia. That was really lovely, but it reminded me that you actually have this wider context. GCA has been doing an activity for a very, very long time looking into the problem of bad traffic, Leslie Daigle 2:46 since, well, the last five or six years, we've had a global honey farm that's got sensors in deployed in about 200 countries across the globe, and it's just listening to see who's out there trying to attack open, mostly IPv4 ports. And it's really interesting to see how many different places those attacks are coming from, and how many attacks are coming from some places, and so on, so forth. George Michaelson 3:10 So when we talked last time, you went in some detail into how this technology works. But if we kind of summarize, the basic idea is you put a device, could be software running in a virtual machine, could be hardware. You put it up on the network. You don't have to tell people, hey, come to the door. People are just sending packets all the time to the entire V4 address space, finding what will respond, right? Leslie Daigle 3:34 Yes, it's kind of scary. There are a number of scans that happen daily. I mean, some of them are not malicious. Some of them are, you know, intent, well intended. And George Michaelson 3:43 measure the network, see how many devices are active, whatever, Leslie Daigle 3:46 but others are literally probes for attackers that are out there poking to see who's got a door open. What can they access? Where can they get in? And then that's just for probes. And then we see hundreds of 1000s of attacks, millions of attacks packed every day on our 200 sensors just sitting out there. George Michaelson 4:04 And these devices, in some ways, they kind of can pretend to be terribly managed, not updated, web servers, mail servers, FTP servers. They present a front door that to a bad guy, really looks attractive, which means you get to see the more complex things going on in the system. Leslie Daigle 4:24 Yes, so largely, they are set up so that almost any password will work, so that so that it's easy for the attacker to log in. And then we can watch. We can see where are they downloading malware from, what commands are they trying to run, and so on. And in fact. Something that has changed since we last spoke is we've changed out the technology that we're using for our honey farm. We have our own now, and it does support more than telnet and SSH. It actually supports HTTP, HTTPS and secure FTP. George Michaelson 4:53 Oh, that's really cool. Everything is sweetness and light in the Internet, and we're all safe, and there are no major risks, right? Leslie Daigle 4:59 Yeah, If only that were the case. But in fact, really what we're finding it's, it's kind of like I got a new vacuum cleaner that has a little laser on the roller. So as I'm pushing around my vacuum cleaner, I can see just how disgustingly dirty my floors are even as I'm vacuuming. George Michaelson 5:14 Yeah, I got that feature on mine. It's kind of telling. It shows you where you should have been looking a lot harder. Leslie Daigle 5:21 And that's the same thing with this honey farm, is it's really highlighting just how much, how much unwanted traffic there is on the Internet. [George: Yeah]. And if you talk to a network operator, they kind of shrug and say, well, it's not clogging my pipes. What's the problem? George Michaelson 5:34 But there's a lot more going on here. There is a problem. Leslie Daigle 5:37 There is a problem. I think that one of the most visible problems happened in 2016 with the well known Mirai attack on the dyn servers, which caused DNS outages for major companies, for, you know, for several hours. And that was a pretty simple botnet that basically took over a number of IoT devices, simple IP really like cameras, small devices, sensors, and used them, commanded, marshaled them into an army, if you will, to launch the attack George Michaelson 6:08 In the Asia Pacific footprint that they actually succeeded in taking over virtually an entire island economy in the Pacific's infrastructure and used it to marshal an attack. It was quite scary, and it's a threat in kind of many different directions, right? I mean, you focused in on the quality of how it affected Dyn, the DNS services or other services, but it also has reputational risk if an entire nation state is suddenly visible as a source of this traffic. That's really bad. Leslie Daigle 6:39 It is really bad. And I'll actually jump off that point to observe that. Here we are. You and I are sitting in Thailand at the moment, and I went to connect to one of my services back home for for I think it was my to pick up my pay stub, and got a message back from the server. That is, it says, I'm sorry, we don't serve anybody coming from Thailand. I mean, literally, that's what the HTTP web said. George Michaelson 7:03 Their approach to dealing with the problem is, this is too hard to deal with. Let's just put everything into the bad camp. Leslie Daigle 7:09 Exactly which is which is wrong on so many levels, George Michaelson 7:12 I have noticed myself using some services mediated through Cloudflare warp that I'm having to walk through. There are you really a person? Test a lot more, and I've had a couple of services I routinely log into from this laptop with cookies on this machine saying, you seem to be coming from a really strange economy. Can we do the two factor check again? So I think that reputational harm problem is really very strong. Leslie Daigle 7:36 It's very strong and it's persistent, because one of the features of blacklists is, however easy they are to get on them, they're very, very hard to get off. George Michaelson 7:46 We are so fond of saying but I have a magic solution. So Leslie, tell me you have a magic solution, right? Leslie Daigle 7:53 Let me check my back pocket. Oops. No, not there either. There is no magic solution. Part of the challenge is the fact that there's an open question about who's going to do anything about it. Our typical approaches to security over the last few decades have been put another band aid on, put another lock, put another moat around yourself. But, I mean, I like to say this is a problem that we can't two factor ourselves out of, because the people who really need to act are the ones who are running the networks. George Michaelson 8:21 This begs many questions. I actually don't really know where to begin here. Where are we going to cast this problem? To start fishing around for a conversation that ultimately is going to lead to a solution. What are the questions we need to be asking? Leslie Daigle 9:36 One of the questions that I started asking, actually at the right meeting in May of 2022 was what is a reasonable amount of this unwanted traffic to see coming out of a network? George Michaelson 8:46 Now, that's quite that's quite an interesting point I lived my partner ran a small business, a bookshop, and she was quite over that if you're in trade, you just have to accept a certain level of theft is taking place. So it was routine for her to accept 5% stock loss. That was just a fact of life. Now, if you're a small trader in some cities that are under stress, maybe Baltimore or some of the West Coast cities in America, 5% would be nothing. You have a massive, massive problem, to the point that people are pulling stores out because it's uneconomic to keep trying to function. So the idea that there's an acceptable amount of crime, it's kind of weird, but at the same time, it's well. Understood, right? Leslie Daigle 9:27 And it's well understood, because to get you can understand that to get to 0% crime, you would have to compromise on too many other factors, such as, you know, privacy and personal security, right? She's accepting that she's going to lose some number of books from the bookstore because she's not going to go through every person's bag when they leave the store, George Michaelson 9:47 because they're a one time customer, a few hassle, [Leslie: exactly]. And I'm really, really interested. Did the RIPE community actually come up with a number they could, kind of, Leslie Daigle 9:57 They did not. And we'll put that down to my, my lack of skills in terms of guiding the discussion, or we didn't have opportunity to follow up, or whatever. I'm still interested in pursuing that, right? George Michaelson 10:07 I think that is an amazing question. Leslie Daigle 10:09 And I think it's not even just a number of, like, it's not just the number of attacks, because, as you say, different networks can be different sizes and whatever. But there are things like we had in that presentation, I was looking at the number of attacks coming out of networks. So like the top attacking network, the network that we saw the most attacks from, in our network of sensors, the top network, sent over 20 million attacks in a half year period. And it's like, well, is that a lot? I don't know. Can we look at it in terms of number of attackers. So the top number of attackers in a given network was over 20,000 attackers in a network. Maybe that starts to be something you could notice. But is that really something you might notice without actually virtually going through the purses of every packet on your network as they go out the door? Well, how about the top number of attacks coming out of attacker, and we saw one network where there were 600,000 attacks coming from one attacker. George Michaelson 11:05 This kind of goes through a series of measures, a series of counts that lead you in a particular direction. If we just had better eyeballs on the problem, we might start to be able to quantify things. And once you quantify amounts, you can consider ratio. So it would be 20,000 things were emitting bad traffic out of a population of 100,000 that could be a heck of a lot more scary than out of population of 20 million. [Leslie: Yes], so there's an aspect, which is we need to begin to measure how much people are emitting and what's the ratio to their actual scale and consequence. But when you come right down to here's this one thing in the corner, this one IP address in this network that's emitting 600,000 attacks. It wouldn't matter if it was a giant net or a tiny net. You want to be able to deal with the problem. Leslie Daigle 11:57 Yeah, and you want to believe that networks might notice that kind of behavior at some level, because you also have to understand that's what we saw. But we aren't the only attacks. We're not advertising ourselves as some particular collective right? They no doubt we're sending that much traffic to every open IPV four port in the network. George Michaelson 12:15 So we have to assume that you saw it as a measure of things you could count, but the actual effect at scale on the global network is significantly higher. You know, this is making me think of the PULSE model, the idea of an Internet health report, which is also done in IIJ, trying to help quantify these things into simpler measures, so that people in policy space, governance space, maybe in LEA have simpler measures to help them decide, let's focus on this problem is that something you may be looking towards? Leslie Daigle 12:47 I'm so glad you brought that up, because indeed we are. We've made our first foray into an Internet pollution index with we've updated the website for this project. If you go to https://gcaaide.org/, and I'm sure that will be put in the show notes, [George: it will indeed] you will see a world map with a heat index of the amount of pollution we see coming from different countries, and that is calculated, it is normalized based on size of networks, et cetera, and a few other factors brought into it. So it's not just raw numbers of attacks. And the hope and expectation is that we can start raising awareness with that. And we, of course, have all of that data on a per network basis, but we're not actually out to name and shame. [George: No], we're trying to raise awareness. George Michaelson 13:33 No, there's a commonality, I think, between the approach APNIC has in a member only service and what you're saying you have to be so careful about holding the flag up over someone in public. So if you start with the nation state or even regional data, it's much easier to bring people into the conversation. We actually found that some communities are more organized than other communities. If I were to showcase one, I'd say the Vietnamese are absolutely amazing when they're informed that there's a problem inside their boundary. They are really super keen to try and understand what they need to do to mitigate this. And you know, I like that. I like that we can have a rational conversation. So have you been taking this on the road? Lesley, Leslie Daigle 14:15 We're just starting to take it on the road. And again, we plan to talk some more about it at RIPE in May this year. But before we leave the Vietnamese, I wanted to come back and point out that the there's a more recent attack, Mirai botnet, again, a variant of the Mirai botnet that actually is tied coming, is coming from us. I think the command and control network actually comes from a single IP address in Vietnam. George Michaelson 14:38 Well, that's one we might take offline and have a conversation with VNNIC about because it would be lovely to tackle the problem. But there's a quality here that I think is, yeah, okay, that's one question, but this is many holes in the diagram. This is not a single hole fixes the problem. Do you have other things that are kind of in your mind as questions we need to think about? Leslie Daigle 14:58 So the general question of what is appropriate coming out of networks is sort of a larger question, but the but the really important thing is to focus on So then, what do we do about it? Right? Because, as I said, network operators kind of shrug and say it's not impacting my numbers in terms of bandwidth. George Michaelson 15:14 It's very hard to make a case for spend labor or real money in this area because it doesn't directly impact your your revenue. The you know, the earnings per customer aren't going up because you say, I've got a clean net. There's very little evidence of that. Maybe we could work on a sell side, but at this time, if I were in network ops, this wouldn't be my number one problem to look at. Leslie Daigle 15:35 Yeah, and I can think of some ways that maybe it could become a number one problem to look at, but they're not very pleasant, and they, you know, largely involve major business issues, like, if you start looking at the cost of of these attacks, like the Mirai attack has just been in the news recently, then the impact of that has real dollar value associated with it to other companies around the globe. George Michaelson 15:57 Oh, and that translates very directly to things like business insurance cost as well. So I could well see the reinsurance market or the insurance organizations being agencies, who'd look at this and say, Guys, you have to lift your game. Leslie Daigle 16:10 It also goes back to the question of reputation, because all of all of the IP addresses that are regularly involved in this kind of behavior are being noted, you know, not just in our system, but by everybody who's building any kind of defense technology and system, and they're not going to be worth a whole lot on the resale market. George Michaelson 16:30 Now that's you've just kind of slid a message under the counter there. We're moving into a world where addresses used to be critical assets you held for use, into a world where addresses are becoming more ephemeral but necessary, and a lot of agencies with large stocks of Internet addresses have potential to realize the capital value. It's true, the market used to be at $50 in address, maybe come down to 30. But if you were a former nation scale telco, and you held enough of these addresses, this is hundreds of millions of dollars of capital you could realize. And there is not a CFO in the current economic climate who wouldn't want to know about this? So what you've plunked on the table is, yeah, they're worth hundreds of millions, but if you don't deal with the taint coming out of your addresses, they're worth a lot less, Leslie Daigle 17:24 absolutely. So I think the onward discussion is, how can what is a rational amount of effort for a network to put into into observing this kind of behavior and stopping it at source. And again, back to the, you know, the bookstore analogy. We're not talking about posting a guard at the door and saying you're going to look in every handbag, but there are behaviors that should be observable, and George Michaelson 17:47 you can start to do some metrics, counting the till, working out stock holdings, and do the difference. And if you can trial that process down to something you can do quickly, you're going to know the days you're losing stock. If you look at the return visits, you're going to know the days people are coming in to see what they can take. So there are processes in measurement that kind of lead directly to an outcome here, if you're smart about how you measure, [Leslie: yes], I like this. That means this really is a measurement story. Lesley, that's great. That's what we're here for. So are you guys interested in developing tools in this space? Is that an area you might do work? Leslie Daigle 18:25 I think that we're mostly interested in working with others about to have the dialog about what is reasonable, right, as as we saw in the case with MANRS, right? What brought MANRS into existence? It was a discussion around, if you, if you network operators, are not in a position to operationally support the proposed standards for routing security, what can you do? So we're sort of in the same situation where, rather than us saying, you know, network operators the world around should do X, Y and Z, rather talk with them and say, [George: yeah] if you were going to achieve this, what could you do? What? What should we advocate that others? George Michaelson 19:01 Yeah, and it's nice also with the MANRS model that it is the operators themselves coming into a state of saying, These are the norms we promote as a minimum requirement. So you could imagine a MANRS for honey nets a MANRS for bad traffic. These are the norms for investment you should make in tracking down your own problems in the wider community interest, and if enough of you lift the boat, we're going to get to a better place. Leslie Daigle 19:29 Yes, because stopping it at source will actually have considerable impact in reducing the reducing the problem space. George Michaelson 19:36 That's an intriguing thought. Community Building is probably the hardest thing to do here, and if we kind of go away from technology. It's also the thing that we're least equipped to do. I mean, we are all on this program, technologists, right? People listening to this are probably in the network space, or students looking at problems, or they're interested in technology. But this isn't really a technology problem. This is a people problem, Leslie Daigle 20:01 Absolutely. And you know, here we are. Not only are we technologists, but most of us are deeply introverted. And it turns out that the major, the major problem space, is addressed through communication. George Michaelson 20:11 Yep, the one thing we're no good at doing. So you're doing an attempt to, yes, get things started. You're lining a fire under people about this. You're out communicating about this, you're going to be in RIPE where else could we see you talking about this? Leslie Daigle 20:26 Well, I'm kind of a fixture at NANOG, the North American network operator group, so we'll take it. We'll take the message pretty much anywhere that is interested hearing about it. I think it will also be important to take it out of the networking environment as well to talk to regional groups and, you know, other entities that are interested in the security of the network. George Michaelson 20:46 So that also means that there's the potential for an outreach that is off the technology track, more in the LEA space or in the governance conversation? Leslie Daigle 20:56 I think it's, I think that there is a governance conversation here. I'm not, I'm always a little bit careful about what I what I want to suggest is appropriate for regulation or or other. George Michaelson 21:05 It's a delicate area. Leslie Daigle 21:06 I'm going to go back to the point that the that we want to see measures that are defined by network operators, because they are the ones who know what actually works. George Michaelson 21:15 So that actually comes to a place that can work very well for the regulator, they typically don't like to be boots and all right, coming into a green field saying, I'm going to tell you how it'll be, their approach is much more to say we've been made where you guys have a problem. Some of it's from you, some of it's from downstream of you or consumers of you. The best thing here is if you guys come together and agree what you think is the approach, and if we come to an agreement with you in that it's a level playing field, don't set the ladder too high. Don't put too many costs on yourself. Let's talk about what's a rational level of investment by you, and will mark that as the minimum to be in this playing field. It's not a bad approach. Leslie Daigle 21:56 It has been successful in the context of MANRS, and we're hoping to see it be successful in this context as well. George Michaelson 22:03 I think MANRS in GCA is a very good fit for the activity that you're doing here. Lesley, I think it's really nice that GCA has picked up this community burden and is carrying that story forward. So the Honeynet itself, that's the honey farm, as you put it, that's quite a big investment in technology, isn't it? Leslie Daigle 22:20 It has been a big investment. It's been a big investment over several years. Our original work was largely focused on doing the data storage and extraction, and we had another entity actually running the honey farm, but we, in the course of the last six months, have rolled out, as I said, our own technology, which is really a lot of fun because we can tune it any way we want. We've used that particular technology in instances of deployments before we rolled it out as our sort of base measurement platform. [George: Yeah], we use it to to do some studies of what actually happens in a smart home and with which in the UK, and they had a number of smart home devices that they wanted to test and put them behind the behind one of our honey bots, and just to see what happened in I think it was a matter of minutes for the first video camera fell over. George Michaelson 23:11 There are two qualities here that come to mind. Geoff Huston has been fond of saying it's not the Internet of Things, it's the Internet of dumb things. Jacques Letour from CIRA in Canada was. Find interested in the idea of getting a tick mark up within the Canadian technology community, because these devices essentially become orphans. They're flooded out into the market, and they're sold as amazing smart technology, and then they never get a field upgrade, [Leslie: absolutely] and so the risk here is that older devices typically have lower barriers against sophisticated attacks. They might be good for the day they're sold, but five years down the track, if you've still got a smart light bulb in the corner, it's probably a target for attack. Leslie Daigle 23:54 And this is another one of the reasons why I favor trying to address things at source, rather than just, you know, build more moats around deployments. Because in this recent round of Mirai attacking, it was, it was a number of the older devices that were particularly hit hard. And as you say, they're deployed and they may be physically inaccessible. So it would be better to have less of less ability for these kinds of attacks to circulate and gain momentum, than just to say, well, you really should put a VPN in front of your lights. George Michaelson 24:24 So do you think that this will wind up being an additional burden on the NOG? Is this heading to a network operations group in an ISP to resolve are we talking about a new specialist grouping that has to exist alongside classic operations to deal with this. Leslie Daigle 24:39 I don't... I'm not going to speculate too hard about which path it's going to be, but I will say that I think it, it should lead to more agreed expectations about what it means to run a network properly. George Michaelson 24:51 So you kind of stop at there's an obligation emerging. You're not going to tell people how they can tackle it, but it's a different skill set, right? I mean, you really have to have a slightly different sense of what you're doing here. It's not just as simple as configuring a switch and bringing it up. It's the management of the ACL and the reverse path forwarding in those states. And it's also looking at information flows and intuiting problems against trend lines. It's an Leslie Daigle 25:17 important piece of it is understanding your network right, understanding what what is normal in your network and what should be normal in your network, and and neither am I a fan of stifling, you know, all stifling, all activity that looks new and unusual, and saying it must be bad to your point about having to do, you know, re authenticate yourself to two systems because they think something looks a little funny. Now, in the same way, you have to make sure that you don't create networks that just say, either you connect to the three servers I'll bless or you can't, can't network but, but there is an element of understanding what is unusual behavior. George Michaelson 25:54 So a part of this that interests me is that many things in measurement come to this point of full packet capture and post hoc analysis, as opposed to sampling in the stream. And I have a very strong sense you're never going to be in a world where a full packet capture gets you where you need to be. You are living in sample in the stream. [Leslie: Yeah], and I'll throw back at you a version of your question. How much data do you have to sample to be able to get a sense at scale of how big your problem is? Leslie Daigle 26:23 Are you talking about as a network operator, or in terms of looking at what we're doing, which is looking at all the traffic in the world. George Michaelson 26:30 So you've got a Honeynet investment of two to 300 devices, and you're getting a sense of density of problem based on the attacks coming at you. But if I were a network operator, if I deployed one Honeynet system in my core, would that be enough to give me the beginnings, or do I have to have a deployment of one at every NOC, every node. I mean, what's my cost of entry if I'm starting to think I want to engage it? Leslie Daigle 25:56 So I think you, what you probably want to do at that point is actually talk to somebody who has a honey farm and and ask them, What are you seeing out of my network, George Michaelson 27:03 right? So day one is get a sense of the scale of your problem, [Leslie: right] And that would help direct what level of investment you might want to make. Leslie Daigle 27:12 And the rest of the instrumentation in your own network, I think, has to do a lot more with understanding what kinds of of connections are being made from your from the the nodes in your network. And NIC, where are they reaching to? Yeah, and are these regular patterns? Are they suddenly reaching to whole new countries? George Michaelson 27:27 So we see quite interesting behaviors in APNIC labs. When we look at traffic trends like v6 there's a very strong week, day, weekend traffic profile. And I think there's a quality here that it actually becomes an important question, are you in service to the general market, or are you in a small, small and medium enterprise or a government department? Because you would expect your machines are essentially idle at the weekend in a government context, whereas in my home, when I'm not there, they shouldn't be doing very much. So it's kind of inverse models, right? It's very contextual to the nature of your market, Leslie Daigle 28:00 and it's probably. Going to be highly contextual depending on your own circumstances. So, I mean, as a separate piece of work, there's a there's work to be done in profiling. What is normal in your right work, in your small George Michaelson 28:13 If we had smart profiles, and I could put maybe five qualities into a I'm going to call it an engine. I could get out of it a statement, the general community consensus is, for a 20,000 customer mobile related service, you'd expect to see this general level, and if you're above that threshold, you really need to ask yourself, why? Leslie Daigle 28:34 Yes, and and again, it's sort of like know your customer, but it's more know your network, right? If you if you have a baseline and understand where your general connections, connection types are. It's when you see sudden variations from that you might want to ask it. George Michaelson 28:48 So Leslie, where next with this? I mean, where are you going with this? Is there? Is there a two year a five year plan? Leslie Daigle 28:54 So that a lot of it depends on sort of the responses that we get? Because, since we aren't creating the list of rules and regulations that we are going to try to impose on people. We need people to come out and play and, you know, have the discussions with us. So for you know, I think I made the offer the last time that we spoke. If anybody in who's listening would like to know, what do we see from their network in our honey farm. I'd be happy to, you know, provide, provide a report. George Michaelson 29:20 I really strongly recommend people to think about having a look at this data. So I would say the first thing that would be there's a benefit in this conversation is go and look at the GCA website and try to understand what it can tell you about yourself. People put their AS number in or an address, Leslie Daigle 29:39 well, let us know the AS number, and we'll again, we're not looking we're not sharing this data publicly, so we're interested in contact us. George Michaelson 29:45 Well, there's a bit of a two FA to do, because you've got to know who you're talking to, yeah. Leslie Daigle 29:48 And then, and then we can, we can share the data that we see from some perspective. So George Michaelson 29:52 if I were in a community like maybe sang org in South Asian footprint, there's a way we could invite you in the door to talk about problems in our region. You might be able to prepare something there. Leslie Daigle 30:03 Yep, and that would be fun. I neglected to mention I'll actually be giving a keynote at the ARIN meeting at the end of April in Charlotte, North Carolina, which, which is going to look at the larger question of, sort of, how do we how do we address this security problems in general? George Michaelson 30:18 Oh, that's one that people should definitely look out for. And there's a blog stream on the GCA site. You're writing things up. Leslie Daigle 30:24 Yes, never as much as we feel we ought to, but yes, George Michaelson 30:29 and if I'm already at a point that I'm motivated, you've got pointers for tools and a way to bootstrap some engagement here. Leslie Daigle 30:36 If you're already motivated and you think you have answers, we would be welcome. We'd be very happy to work with you to start building some community around that. And George Michaelson 30:42 yeah, at the moment, you're still stuck in questions. Lesley, we have a lot of questions. Yeah, this has been absolutely fascinating. I hope we can get you back to talk about this again. Thank you. Lesley, Leslie Daigle 30:53 thank you so much. George Michaelson 30:56 If you've got a story or research to share here on ping, why not get in contact by email to ping@apnic.net or via the APNIC social media channels. Also remember that the measurement@apnic.net mailing list on orbit is there to discuss and share relevant collaborative opportunities, grants and funding opportunities, jobs and graduate placings, or to seek feedback from the community about your own measurement projects. Be sure to check out the APNIC website for all your resource and community needs until next time you.