[ISN] Denial of service: Fighting back

From: InfoSec News (isnat_private)
Date: Thu Sep 05 2002 - 23:28:45 PDT

  • Next message: InfoSec News: "[ISN] File-name flaw threatens PGP users"

    By Mandy Andress, 
    Network World Global Test Alliance
    Network World
    There's more than one way to skin a denial-of-service attack, but
    first you've got to catch it. Two years after the well publicized
    attacks on Yahoo, eBay and CNN, DoS attacks are still very prevalent -
    they just aren't discussed. The advent of new attack technologies,
    such as Naptha and Reflective DoS attacks, are making the process of
    protecting networks even more difficult.
    In a perfect world, your ISP would detect and deal with the growing
    number of these attacks on its end. But because many ISPs do not want
    to take on the added burden and legal responsibility to provide, or
    claim to provide DoS protection, you'll most likely have to deal with
    DoS attacks - whether they are randomized DoS, general distributed DoS
    or reflective distributed DoS - on your own.
    On the market today is a range of vendors providing DoS
    attack-detection and mitigation products. How each product approaches
    the problem runs the gamut. Signature vs. anomaly detection. Inline
    vs. network tap. Active vs. passive. Who does what and how does it all
    We invited a group of vendors into our lab to help discern the
    advantages and disadvantages of each approach. Asta Networks, Captus
    Networks, CS3, Lancope, Mazu Networks, Radware and Webscreen agreed to
    participate in our review. AppSafe, Arbor Networks, CacheFlow, Check
    Point Software, Extreme Networks, FloodGuard, Internet Security
    Systems, IntruVert, NetScreen, Reactive Network Solutions, Recourse
    Technologies, Riverhead and TopLayer Networks declined.
    Our tests determined that these products all work about the same in
    detecting attacks, with most of the products detecting 95% of the
    attacks we launched (see online chart). The deciding factor lies in
    the mitigation techniques available to you. How concerned are you that
    valid traffic still needs to pass? How much control do you want over
    the process? What type of reports and how much data do you want to
    have available to you? Once you have answered those questions, you
    quickly will be able to narrow down the top choices for your
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Sep 06 2002 - 02:37:51 PDT