Information Security News mailing list archives
Denial of service: Fighting back
From: InfoSec News <isn () c4i org>
Date: Fri, 6 Sep 2002 01:28:45 -0500 (CDT)
http://www.nwfusion.com/reviews/2002/0902rev.html By Mandy Andress, Network World Global Test Alliance Network World 09/02/02 There's more than one way to skin a denial-of-service attack, but first you've got to catch it. Two years after the well publicized attacks on Yahoo, eBay and CNN, DoS attacks are still very prevalent - they just aren't discussed. The advent of new attack technologies, such as Naptha and Reflective DoS attacks, are making the process of protecting networks even more difficult. In a perfect world, your ISP would detect and deal with the growing number of these attacks on its end. But because many ISPs do not want to take on the added burden and legal responsibility to provide, or claim to provide DoS protection, you'll most likely have to deal with DoS attacks - whether they are randomized DoS, general distributed DoS or reflective distributed DoS - on your own. On the market today is a range of vendors providing DoS attack-detection and mitigation products. How each product approaches the problem runs the gamut. Signature vs. anomaly detection. Inline vs. network tap. Active vs. passive. Who does what and how does it all work? We invited a group of vendors into our lab to help discern the advantages and disadvantages of each approach. Asta Networks, Captus Networks, CS3, Lancope, Mazu Networks, Radware and Webscreen agreed to participate in our review. AppSafe, Arbor Networks, CacheFlow, Check Point Software, Extreme Networks, FloodGuard, Internet Security Systems, IntruVert, NetScreen, Reactive Network Solutions, Recourse Technologies, Riverhead and TopLayer Networks declined. Our tests determined that these products all work about the same in detecting attacks, with most of the products detecting 95% of the attacks we launched (see online chart). The deciding factor lies in the mitigation techniques available to you. How concerned are you that valid traffic still needs to pass? How much control do you want over the process? What type of reports and how much data do you want to have available to you? Once you have answered those questions, you quickly will be able to narrow down the top choices for your environment. [...] - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Denial of service: Fighting back InfoSec News (Sep 06)