Snort mailing list archives

Re: Network & Systems Cloaking Tool


From: Tommy <tommy () secure sh>
Date: Fri, 08 Nov 2002 03:54:35 -0600


At 06:51 PM 11/6/2002, <hackerwacker () cybermesa com> wrote:
No box can protect against a DoS, if it sits at the customer end of a pipe, and the DoS is filling the pipe. 


Hello hackerwacker,

As you know, there are two different types of DDoS attacks:
1) flood the pipe
2) attack on application level

The bandwidth flooding DDoS attacks are fairly easy to catch with QoS stuff (or iSecure), and should be caught upstream 
if targeted against a small-bandwidth connection. Even though iSecure also defends against this type of attack, the key 
feature is defense against application-level DDoS attacks, and not shutting the pipe down (same effect as DDoS), but 
determination of which is "good" traffic (passes), and which is "DDoS" traffic (stopped). This application-level attack is 
the more devastating, and the most difficult to combat - and this is what iSecure does:
http://www.dos-protection.com/html/dos___ddos.html
There is a lot of money being spent on the development of other DDoS Defense systems (~$300m so far), and there are 
some in the market, all of which according to a review by DDoS World in NW Fusion have significant drawbacks, are hard 
to configure, and/or simply do not work (such as: Sync4 crashes the DDoS Defense system). iSecure does not require any 
configuration (black box concept) and works against all flooding and application-type DDoS attacks as an inline 
scanner, successfully eliminating DDoS attacks in real-time, while letting "good" (desirable) traffic pass - and 
without bandwidth reduction.

Its other feature is the network & systems cloaking, which is truly unique (I know of no other system which does that), 
and which in conjunction with an IDS system can allow for more effective detection & traces, as it forces the attacker 
to log all ports in the scan range (or all 65,535) twice - first logging all as being 'open', and then generating the 
list of "interesting ports" - i.e. the same list, slowing down the probe dramatically. This is why I wanted to run it by the 
Snort community. Even NMAP can't figure out what's behind the system. More at:
http://www.dos-protection.com/html/cloaking.html

Thanks for your time,
Thomas


Thomas J. Ackermann
Mobile: 214-403-5368

Melior, Inc. ---  Perfectionists At Work. (TM)

Internet Infrastructure & Security Architects
in  Dallas,Silicon Valley, Los Angeles, Houston, New York, India
www.meliorinc.com
 
Tel: (888) 4 MELIOR     
Fax: (888) TO FAX US

This email is intended for the addressee only.  
The material may be privileged and may contain confidential information.  
If you have received this email in error, please notify Melior, Inc. immediately 
by email and delete the original.  Thank you!
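The cloaking claim above is that a scanned host answers every port as open, so a normal port scan returns no usable service list and the attacker must make a second, full pass to find the real services. The script below is an added example for the scanner side of that situation; it is not part of the post and not code from Melior or the iSecure product. It parses nmap grepable (-oG) output, flags a host whose open ratio is near 100% as cloaked (threshold and the "cloaked" label are this example's own convention), and reports how many ports a second pass (banner grab or version scan) would have to touch. The three hosts and their -oG lines are constructed sample input, not real scan results.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed nmap -oG lines for three hosts (sample input, not a real scan).
# 192.0.2.3 plays the cloaked host: nmap then reports the *closed* ports and
# lists "open" as the ignored (majority) state.
SAMPLE_OG = """\
# Nmap scan initiated as: nmap -p- -oG - 192.0.2.0/29
Host: 192.0.2.1 ()\tStatus: Up
Host: 192.0.2.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (65533)
Host: 192.0.2.2 ()\tStatus: Up
Host: 192.0.2.2 ()\tPorts: 25/filtered/tcp//smtp///, 443/open/tcp//https///\tIgnored State: filtered (65533)
Host: 192.0.2.3 ()\tStatus: Up
Host: 192.0.2.3 ()\tPorts: 113/closed/tcp//ident///\tIgnored State: open (65534)
# Nmap done: 8 IP addresses (3 hosts up) scanned
"""

# Ports line: "Host: <ip> (<name>)\tPorts: <entries>[\tIgnored State: <state> (<n>)]"
PORTS_RE = re.compile(
    r"^Host: (\S+) .*?\tPorts: (.*?)(?:\tIgnored State: (\w+) \((\d+)\))?$"
)


@dataclass
class HostSummary:
    host: str
    states: Counter = field(default_factory=Counter)  # port state -> port count
    listed_open: list = field(default_factory=list)   # open ports nmap printed explicitly

    @property
    def total(self) -> int:
        return sum(self.states.values())

    @property
    def open_ratio(self) -> float:
        return self.states["open"] / self.total if self.total else 0.0


def parse_grepable(text: str) -> dict:
    """Parse nmap -oG text into per-host state counts.

    Each Ports entry is port/state/protocol/owner/service/rpcinfo/version/;
    the 'Ignored State' clause counts the ports nmap did not list individually.
    """
    hosts = {}
    for line in text.splitlines():
        m = PORTS_RE.match(line)
        if not m:
            continue
        host, ports, ignored_state, ignored_count = m.groups()
        summary = hosts.setdefault(host, HostSummary(host))
        for entry in ports.split(", "):
            fields = entry.split("/")
            port, state = int(fields[0]), fields[1]
            summary.states[state] += 1
            if state == "open":
                summary.listed_open.append(port)
        if ignored_state:
            summary.states[ignored_state] += int(ignored_count)
    return hosts


def classify(summary: HostSummary, threshold: float = 0.9) -> str:
    """'cloaked' when nearly every probed port answers open (example convention).

    A result like that carries no information about real services; the
    open/closed split a scanner normally relies on has been removed.
    """
    if summary.total and summary.open_ratio >= threshold:
        return "cloaked"
    return "normal"


def verification_workload(summary: HostSummary) -> int:
    """Ports a second pass (banner grab, -sV) must touch to find real services."""
    return summary.states["open"]


if __name__ == "__main__":
    for host, summary in parse_grepable(SAMPLE_OG).items():
        print(f"{host}: {classify(summary):8s} open_ratio={summary.open_ratio:.5f} "
              f"second-pass ports={verification_workload(summary)} "
              f"listed open={summary.listed_open}")
```

For the normal hosts the second pass is one or two ports; for the cloaked host it is effectively the whole range, which is the doubling of scan cost the post describes. A scanner script that keys on the "Ignored State: open" clause catches the case immediately, so treating an all-open result as a signal (cloak, tarpit or honeypot) rather than as a service list is the practical takeaway.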
