Asta Launches DDOS Detection Software

[InfoSec News <isn () c4i org>]

http://www.computerworld.com/cwi/stories/0,1199,NAV65-663_STO61568,00.html

By JAIKUMAR VIJAYAN 
June 25, 2001

Asta Networks Inc. last week launched its Vantage System software,
which the company claims will help users quickly detect and respond to
distributed denial-of-service (DDOS) attacks.  Such attacks, which are
considered to be one of the most serious security threats on the
Internet, basically make Web sites inaccessible to legitimate users by
overloading servers or networks with useless traffic.

Asta's Vantage System makes it possible for companies to automatically
identify the abnormalities in network traffic that signal such
attacks, claimed Joe Devich, president and CEO of Seattle-based Asta.

The technology is composed of two primary components: network sensors
that collect samples of traffic data from key routers, and
coordinators that aggregate and analyze the data from the sensors.

Vantage System uses proprietary signature-based and anomaly-based
algorithms to detect attacks. Signature-based technology looks for
traffic patterns that match those of previously publicized DDOS
attacks. Anomaly-based algorithms look for traffic patterns that are
different from the usual traffic on a network. Automatic alerts then
notify network administrators of potential attacks.

Such capabilities are crucial, said Charles Kolodgy, an analyst at IDC
in Framingham, Mass. There is little that companies can do to prevent
DDOS attacks from being launched against them. But with early
detection and the right technologies, it's possible to choke off a lot
of the disruptive traffic, he said.

"[Such technology] is designed to give [service providers] and users a
better handle on the volumes of data going through their networks, so
that they can try and stop the bad traffic closer to the source,"
Kolodgy said.

But a lot depends on the ability of such technologies to scale in
high-bandwidth service provider networks, said Russ Cooper, an analyst
at TruSecure Corp., a consultancy in Reston, Va. Also crucial is the
ability of such technologies to really sift the bad traffic from the
good traffic. For instance, it's possible to have sudden, sharp spikes
in traffic for legitimate reasons. If a DDOS alert is raised each time
something like this happens, users will ultimately not pay attention
at all, Cooper warned.

Several other firms have begun offering similar capabilities,
including Mazu Networks Inc. in Cambridge, Mass., Arbor Networks Inc.
in Waltham, Mass., and Niksun Inc. in Monmouth Junction, N.J.




ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.