[ISN] Denial of service: Fighting back

From: InfoSec News (isnat_private)
Date: Thu Sep 05 2002 - 23:28:45 PDT


    http://www.nwfusion.com/reviews/2002/0902rev.html
    
    By Mandy Andress, 
    Network World Global Test Alliance
    Network World
    09/02/02 
    
    There's more than one way to skin a denial-of-service attack, but
    first you've got to catch it. Two years after the well-publicized
    attacks on Yahoo, eBay and CNN, DoS attacks are still very prevalent -
    they just aren't discussed. The advent of new attack technologies,
    such as Naptha and Reflective DoS attacks, is making the process of
    protecting networks even more difficult.
    
    In a perfect world, your ISP would detect and deal with the growing
    number of these attacks on its end. But because many ISPs do not want
    to take on the added burden and legal responsibility to provide, or
    claim to provide, DoS protection, you'll most likely have to deal with
    DoS attacks - whether they are randomized DoS, general distributed DoS
    or reflective distributed DoS - on your own.
    
    On the market today is a range of vendors providing DoS
    attack-detection and mitigation products. How each product approaches
    the problem runs the gamut. Signature vs. anomaly detection. Inline
    vs. network tap. Active vs. passive. Who does what and how does it all
    work?
    
    We invited a group of vendors into our lab to help discern the
    advantages and disadvantages of each approach. Asta Networks, Captus
    Networks, CS3, Lancope, Mazu Networks, Radware and Webscreen agreed to
    participate in our review. AppSafe, Arbor Networks, CacheFlow, Check
    Point Software, Extreme Networks, FloodGuard, Internet Security
    Systems, IntruVert, NetScreen, Reactive Network Solutions, Recourse
    Technologies, Riverhead and TopLayer Networks declined.
    
    Our tests determined that these products all work about the same in
    detecting attacks, with most of the products detecting 95% of the
    attacks we launched (see online chart). The deciding factor lies in
    the mitigation techniques available to you. How concerned are you that
    valid traffic still needs to pass? How much control do you want over
    the process? What type of reports and how much data do you want to
    have available to you? Once you have answered those questions, you
    quickly will be able to narrow down the top choices for your
    environment.
    
    [...]
    
    
    
    
    


