DDoSInfo – Information about DDoS and Denial of Service Attacks

One of the biggest ongoing challenges in networking continues to be the struggle against distributed denial of service (DDoS) attacks. Unlike the similarly-named denial of service (DoS) attack, which is easily controlled by filtering all packets from a particular source IP address, a distributed DOS attack usually includes traffic generated by large numbers of host computers. These hosts may be in multiple geographic regions, and often are served by multiple ISPs.

The intent of these attacks is the same—to overwhelm Internet sites with so many packets that they lose connectivity, disrupting operations and potentially causing large financial losses. Sites under attack may find all their bandwidth consumed, or simply that their firewalls or servers cannot withstand so much traffic. Occasionally attackers will find an actual weakness or vulnerability in the site, but this is not necessary for a DDoS attack to succeed. Every organization with a public Internet site is a potential DDoS victim.

Reasons behind DDoS attacks may include extortion, market competition, political sabotage or even cyber terrorism. The mechanism is usually the same—most attackers use botnets.

Botnets are collections of autonomous software robots or “bots,” running on multiple infected computers (sometimes called “zombies”) without the knowledge or consent of those systems’ owners. Located mostly in Windows PCs, bots wait in hiding until a hacker secretly signals them. Hackers often use Internet relay chat as a way to command botnets, remotely telling them to generate spam, attack a website or infect other computers (and thus add to the size of the botnet and its value to the hacker who controls it).

More than a million bots are estimated to exist on the public Internet, and some botnets consist of more than 20,000 infected PCs. When a botnet of that size targets a single website, even the largest sites with huge servers and prodigious bandwidth may not be able to withstand the attack. According to the Computer Security Institute, corporations such as Amazon, Microsoft, Yahoo, CNN and eBay have been victims of DDoS attacks. And DDoS attacks can be launched against more than just host computers or Web servers—they have been directed at DNS servers, email systems and network routers.

Read More..

After reviewing their current signature based
Intrusion Prevention System (IPS) and evaluating several other IPS
solutions available on the market, Planeetta selected the IG200 to
protect its customer maintained servers and network operation center
(NOC) from a growing threat of DDoS attacks, protocol anomaly based
hacking, scans and other zero-day exploits. Such network floods were
occurring on a monthly basis and with only a narrow based DDoS attack
on just one customer; connectivity to other accounts was hampered. The
existing IPS device was overtaken with flood traffic and failed. Prior
to the IntruGuard deployment, Planeetta took a painstaking effort with
their Internet Service Provider to determine all sources of attack and
instituted ACLs to block the assault. This method took many hours to
bring the attack under control.

Lauri Pitkanen, Chief Security Officer and Co-founder at Planeetta
explained, ”Compared to other solutions available on the market, the
IG200 was the clear choice because of its split-second automated
response, full duplex Fast Ethernet throughput, software upgrade
capability to gigabit throughput, and ease of administration and
monitoring. The ability to create virtual protection zones using the
Virtual Identifier (VID) feature in the IG200 was extremely powerful
and allowed us to separate our operations center from customer servers.
We use the IG200 to block denial of service network floods targeting an
individual customer where such an attack affects all customers. Since
its installation, the IG200 has successfully thwarted several attacks
and helped us trace the source of each.”

Ashok Jain, CEO of IntruGuard Devices, Inc. commented, ”Web Hosting
has to go on un-interrupted. Companies like Planeetta, that understand
the value of their customers’ trust, are quickly realizing the IG
product family can help them keep their wide-ranging services on-line
at all times and maintain mandatory service level agreements.”

Planeetta Internet Oy is a provider of web hosting services in Europe,
serving over 5000 customers with an excess of 50 servers in its data
center. Thorough security services include protection against worms,
viruses, spyware, and other malicious attacks to protect their
operations. Services include web site and email support. The company is
located in Helsinki, Finland.

IntruGuard’s mission is to secure high-value Internet services and
network infrastructure by delivering built-for-purpose systems for
Intrusion and Day Zero DoS and DDoS Attack Prevention. The company
serves e-commerce, web hosting/ISP, financial institutions, and managed
service providers that are under pressure to deliver guaranteed network
and application performance under all conditions. IntruGuard’s IG200,
IG2000, and IG2200 DDoS Firewall security appliances will defeat any
intruder attempting to mount a rate-based attack on servers, subnets or
networks. These appliances deliver maximum performance, intelligence,
and ease of deployment. The company is headquartered in Sunnyvale, CA.

To learn more about IntruGuard, please visit: www.intruguarddevices.com.

For more information about Planeetta Internet Oy, please visit: www.planeetta.net/.

netZentry, a leading developer of advanced network security and Distributed Denial of Service (DDoS) attack detection and mitigation solutions, is partnering with Layered Technologies (http://www.layeredtech.com), a premier provider of dedicated servers, to offer hosting customers this extra protection from external network attacks.

"Customers electing to add netZentry received more control and extra security on a targeted individual server basis from denial of service attacks," said Todd Abrams, President of Layered Technologies (LT). "Layered Technologies decided to provide netZentry’s DDos offering after viewing the additional protection power customers could utilize. We urge LT customers to exploit this valuable extra defense."

netZentry’s DDoS protection software, CleanTraffic, is the cornerstone of Netzentry’s Partner Program. CleanTraffic carefully tracks each DDoS attack at every stage of the attack and an automated email report is immediately sent to the customer being affected. Email notifications consist of a visual report that documents:

• Attack detection
• Attack mitigation
• Specific mitigation actions taken

CleanTraffic allows service providers and enterprises to defend tens of thousands of their clients and servers against threats in a customized manner, at a low total cost of ownership.

"Targeted attacks are becoming increasingly common," said Rangaswamy Vasudevan, CEO of netZentry. "netZentry’s CleanTraffic is the only solution that offers fine-grain protection to
maintain accessibility of individual services even when under attack. We are pleased to partner with Layered Technologies to extend this value-add service to their customers."

Webscreen Technology is relaunching its denial-of-service mitigation appliances in the United States after 18 months of concentrating its efforts abroad.                                                 
The company was founded in the United States in 2001 and was bought by a group of U.K. investors in 2005. With its return to the United States it is announcing Webscreen 3.0, an upgrade to its flagship product that adds bandwidth optimization tools.

Webscreen appliances sit outside corporate firewalls and protect Web sites from distributed DoS attacks by evaluating what traffic can be trusted and what traffic can’t. It constantly ranks traffic from trusted to untrusted so the most suspect traffic is dropped first during attacks.

The devices are typically installed in learning mode for a week to determine normal traffic patterns before they are switched on in defense mode. Inspection is performed based on an algorithm, and the device uses no pattern matching to determine suspicious traffic.

The device begins to block traffic only when attacks are severe enough to degrade performance of a Web server, the company says.

Version 3.0 enables reserving bandwidth for key applications and users even in the midst of an attack. This can reserve capacity for essential business tasks and reduce the need for adding bandwidth to Internet links to overcome the volume of unnecessary traffic.

The software maps where attacks are coming from and distributes this data among all the Webscreen devices protecting the various Internet access points in a network. This helps ward off attacks if they shift from one site to another.      

Webscreen Technology Ltd , the UK
based network integrity solutions vendor has today announced a strategic
technology partnership with Crossbeam Systems®, Inc ., the leader in
unified threat management (UTM) for the world’s largest networks ,
strengthening Webscreen’s claim to be the world leader in DDoS defence
system technology.

Webscreen’s technology has been developed to provide maximum
protection against the full gamut of threats designed to bring down
Internet connected servers and disrupt critical services, particularly a
problem for Web-based enterprises and public service organisations who
need to maintain 24/7 access for their users. Using an anomaly based,
heuristic, algorithm Webscreen’s WS Series of network appliances monitor
all incoming traffic for signs of malicious attempts to flood the
system’s resources, blocking any suspicious activity at the network
perimeter and permitting legitimate traffic to pass through.

Customers choosing to run Webscreen’s intelligent screening
technology can now take advantage of Crossbeam’s highly-flexible UTM
platforms offering best-of-breed security applications, including
firewall, VPN, intrusion prevention and content filtering from the
world’s leading vendors. Crossbeam’s unique UTM platform enables
companies of all sizes to consolidate their security infrastructures
without compromising security policies, while also generating
significant cost benefits for the organization.

Established in the US in 2001 Webscreen Technologies was acquired by
a privately funded, UK team of security professionals in October 2005
and is now providing protection for some of the most high profile
ebusiness websites in the world including ISPs, ASPs and system
integrators where service availability is a key requirement. The ISP
community in particular is growing rapidly, and Webscreen is proving its
worth not only to protect the Data Centre infrastructure, but also to
differentiate the ISP service proposition. Today, Webscreen protects
over 5 million websites worldwide and across many vertical market
sectors.

Robin Hill, Webscreen’s VP of Sales commented "This agreement is
highly important to our overall growth plans for Webscreen and
represents both an excellent endorsement for the technology itself and
also a major opportunity for us to extend our global reach through
Crossbeam’s worldwide network of partners. Crossbeam is a highly
respected company whose innovative approach is recognised by all leading
industry watchers as the way forward for corporate security deployments.
We are delighted to be included in the company’s portfolio of leading
security technologies."

Crossbeam Systems is the leader in unified threat management (UTM)
for the world’s largest networks, and has redefined UTM by offering
traditional and cutting-edge applications that meet the specific needs
of any enterprise or service provider.

"The market demand for UTM is clearly evident as more and more
companies are looking for simplified security architecture to protect
the integrity of their public networks. The addition of Webscreen to the
Crossbeam platform further enhances our UTM offering and enables
companies to rapidly deploy the right defence in depth solution for any
part of the network," said Joel Silberman, vice president of ISV
partnerships and business development at Crossbeam Systems. "In
addition to traditional UTM applications such as anti-virus and
intrusion detection/prevention systems, we can now offer end-users the
assurance of uninterrupted access to their critical resources under the
most severe external DDoS attack."

Claranet, one of Europe’s largest Managed Services Provider (MSP) has announced a partnership with Prolexic Technologies to provide its clients with the highest level of protection against Distributed Denial of Service (DDoS) attacks.

Gaming and payment solution providers have typically been prime targets for web attacks.

Claranet is adding to its existing DDoS mitigation with Prolexic’s Clean Pipe solution. The solution responds in real time to DDoS attacks, impeding them at multiple layers and enabling legitimate traffic to continue to reach its destination.

Other DDoS mitigation solutions – in particular hardware devices – are unable to withstand the rapidly increasing magnitude of today’s attacks.

Marino Zini, Claranet Director of Managed Services said, ‘DDoS is an escalating problem and we have a responsibility to provide our customers with clean, consistent bandwidth.’

Gus Cunningham, UK MD, Prolexic said, ‘With online gaming businesses at particular risk and the increasing ferocity of attacks we have been seeing, it is essential that ISPs look at a dynamic solution that can cope with large and persistent attacks.’