[ISN] ISPs, telecoms join to 'fingerprint' Internet attacks

From: InfoSec News (isn@private)
Date: Tue Mar 29 2005 - 04:55:06 PST


By Paul Roberts
MARCH 28, 2005 

Leading global telecommunications companies, Internet service
providers and network operators will begin sharing information on
Internet attacks as members of a new group called the Fingerprint
Sharing Alliance, according to a published statement from the new

The companies, including EarthLink Inc., Asia Netcom, British
Telecommunications PLC and MCI Inc., will share detailed profile
information on attacks launched against their networks. Information to
be shared will include the sources of attacks. The alliance will make
it easier for service providers and network operators to crack down on
global Internet attacks more quickly, according to Tom Schuster,
president of Lexington, Mass.-based Arbor Networks Inc., which
launched the new alliance.

The Fingerprint Sharing Alliance uses technology from Arbor called
Peakflow to spot network attacks and automatically generate a profile,
or "fingerprint," of the attack in a standard data file format called
PCAP. That fingerprint information is passed along to other service
providers closer to the source of the attack, which can then block the
source of the traffic, Schuster said.

Arbor wrapped features that support the Fingerprint Sharing Alliance
into the last release of Peakflow, which came out earlier this year.  
Alliance members have been using Peakflow to share attack fingerprints
since then, Schuster said.

The alliance replaces an ad hoc system of e-mail messages and phone
calls that operators of large networks have used to coordinate their
response to attacks and threats, Arbor said. Because communication has
been cumbersome, ISPs and network owners have had no incentive to
share attack information.

The alliance will make it easier for them to cooperate and will lower
the threshold that attacks must surpass to get the attention of ISPs.  
Even attacks on small ISP customers will prompt a response from large
infrastructure providers. Peakflow also scrubs the data in
fingerprints so alliance members can't use them to sniff sensitive
information on competitors, according to Schuster.

"People are realizing that the world is a connected place. We have to
empower service providers at the point of origin to have zero
tolerance," he said.

Cracking down on those behind even small attacks may also improve the
overall health of the Internet and quell raging problems such as
"botnets" of zombie computers that are used in large-scale attacks,
according to Schuster.

Membership in the alliance is not limited to Arbor customers or
Peakflow users. Network owners that are not Arbor customers can
generate their own fingerprints and accept PCAP-format fingerprints
generated by Alliance members. However, Arbor's technology "speeds up
the process considerably" by automatically creating and distributing
the fingerprints.

All current members of the alliance are Peakflow customers, and the
company's roster of global ISPs gives the program bite, Schuster said.

The alliance is a first step in addressing the problem of Internet
attacks. Arbor hopes that the participation of leading service
providers will compel competitors, as well as smaller network owners,
to take part as well.

Network Security - http://www.auditmypc.com
Free vulnerability test - How secure is your computer?

This archive was generated by hypermail 2.1.3 : Tue Mar 29 2005 - 10:08:28 PST