http://www.nwfusion.com/reviews/2002/0902rev.html

By Mandy Andress, Network World Global Test Alliance
Network World
09/02/02

There's more than one way to skin a denial-of-service attack, but first you've got to catch it.

Two years after the well-publicized attacks on Yahoo, eBay and CNN, DoS attacks are still very prevalent - they just aren't discussed. The advent of new attack technologies, such as Naptha and Reflective DoS attacks, is making the process of protecting networks even more difficult.

In a perfect world, your ISP would detect and deal with the growing number of these attacks on its end. But because many ISPs do not want to take on the added burden and legal responsibility to provide, or claim to provide, DoS protection, you'll most likely have to deal with DoS attacks - whether they are randomized DoS, general distributed DoS or reflective distributed DoS - on your own.

On the market today is a range of vendors providing DoS attack-detection and mitigation products. How each product approaches the problem runs the gamut. Signature vs. anomaly detection. Inline vs. network tap. Active vs. passive. Who does what and how does it all work?

We invited a group of vendors into our lab to help discern the advantages and disadvantages of each approach. Asta Networks, Captus Networks, CS3, Lancope, Mazu Networks, Radware and Webscreen agreed to participate in our review. AppSafe, Arbor Networks, CacheFlow, Check Point Software, Extreme Networks, FloodGuard, Internet Security Systems, IntruVert, NetScreen, Reactive Network Solutions, Recourse Technologies, Riverhead and TopLayer Networks declined.

Our tests determined that these products all work about the same in detecting attacks, with most of the products detecting 95% of the attacks we launched (see online chart). The deciding factor lies in the mitigation techniques available to you. How concerned are you that valid traffic still needs to pass? How much control do you want over the process? What type of reports and how much data do you want to have available to you? Once you have answered those questions, you quickly will be able to narrow down the top choices for your environment.

[...]