Information Security News mailing list archives

Denial of service: Fighting back


From: InfoSec News <isn () c4i org>
Date: Fri, 6 Sep 2002 01:28:45 -0500 (CDT)

http://www.nwfusion.com/reviews/2002/0902rev.html

By Mandy Andress, 
Network World Global Test Alliance
Network World
09/02/02 

There's more than one way to skin a denial-of-service attack, but
first you've got to catch it. Two years after the well-publicized
attacks on Yahoo, eBay and CNN, DoS attacks are still very prevalent -
they just aren't discussed. The advent of new attack technologies,
such as Naptha and Reflective DoS attacks, is making the process of
protecting networks even more difficult.

In a perfect world, your ISP would detect and deal with the growing
number of these attacks on its end. But because many ISPs do not want
to take on the added burden and legal responsibility to provide, or
claim to provide, DoS protection, you'll most likely have to deal with
DoS attacks - whether they are randomized DoS, general distributed DoS
or reflective distributed DoS - on your own.

On the market today is a range of vendors providing DoS
attack-detection and mitigation products. How each product approaches
the problem runs the gamut. Signature vs. anomaly detection. Inline
vs. network tap. Active vs. passive. Who does what and how does it all
work?

We invited a group of vendors into our lab to help discern the
advantages and disadvantages of each approach. Asta Networks, Captus
Networks, CS3, Lancope, Mazu Networks, Radware and Webscreen agreed to
participate in our review. AppSafe, Arbor Networks, CacheFlow, Check
Point Software, Extreme Networks, FloodGuard, Internet Security
Systems, IntruVert, NetScreen, Reactive Network Solutions, Recourse
Technologies, Riverhead and TopLayer Networks declined.

Our tests determined that these products all work about the same in
detecting attacks, with most of the products detecting 95% of the
attacks we launched (see online chart). The deciding factor lies in
the mitigation techniques available to you. How concerned are you that
valid traffic still needs to pass? How much control do you want over
the process? What type of reports and how much data do you want to
have available to you? Once you have answered those questions, you
quickly will be able to narrow down the top choices for your
environment.

[...]




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

