Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Valentine's Day Patch Tuesday: Microsoft to issue 9 patches, 4 critical
Mobile World Congress sneak peek: Quad-core smartphones, Ice Cream Sandwich & more
Microsoft details 'Windows on ARM' program
March debut of 'iPad 3' a sure bet, says analyst
FBI unbolts Steve Jobs 1991 investigation file
Cisco boosted profit, sales in Q2 while cutting costs
Macs take on the enterprise
Four crazy tech ideas from Google's Solve for X project
Obama 2012 campaign playlist revealed courtesy of Spotify
Oracle buying Taleo for US$1.9 billion in direct hit at SAP
Amazon attacks Apple: You get 3 Kindle products for price of iPad 2
Pre-rendered pages highlight latest Google Chrome release
Microsoft exec: Lync-Skype integration a 'compelling opportunity'
The future of hypervisors
/

Start-up Mazu unveils device to stop DDoS attacks

Related linksToday's breaking news
Send to a friendFeedback

By Sam Costello
IDG News Service, 06/25/01

In the battle to stop distributed denial of service attacks, a flood of new products has been offered recently. Many of these products offer a faster response to denial-of-service attacks, but few promise to actually stop them. Cambridge, Mass., start-up Mazu Networks, however, Monday unveiled a product, which, if the company's claims are to be believed, does just that.

The product is the TrafficMaster line of anti- distributed denial of service devices, a series of 1u (1.75-inch) tall devices that are installed as deep into a network as possible. Mazu is targeting the service provider, data center and enterprise markets, the very areas of the network where stopping attacks is likely to have the most effect.

Denial-of-service attacks are attacks in which the target system is flooded with false requests for service, thus denying legitimate users access; such attacks using more than one computer are called distributed denial of service attacks.

These attacks are not always as simple to stop as keeping a single site from being taken offline, according to Christine Washburn, the vice president of marketing at Mazu. If a company's servers are located in a third-party data center, not only might the target company be knocked offline, so might other companies in the data center. So, being able to pinpoint and stop attacks, as Mazu says its system can, is crucial, she said.

"The key issues (in this area) are really availability and uptime," she said.

Mazu's first product, the TrafficMaster Inspector for distributed denial of service, is a passive monitoring device based on IBM NetFinity hardware that does not sit in the data path, and therefore, does not cause any potential performance or reliability problems in a network, Washburn said. The TrafficMaster Inspector performs anomaly-based detections, determining whether an attack is in progress by comparing current traffic to a baseline obtained by studying the network. Such a baseline is generally prepared within 24 hours of installing the device, she said. The longer the device is installed on the network, the better baseline it develops, making the system smarter, she said.

Additionally, thanks to a feature called provision monitoring, TrafficMaster Inspector allows administrators to easily isolate the specific application or customer under attack rather than requiring multiple devices or long downtimes, according to the company.

Anomaly detection allows Mazu devices to identify bad packets and anomalous or attack traffic and alert administrators quickly, Washburn said. Administrators are able to take action to remove packets or fight the attack after they are notified of anomalies in the network by e-mail or pager, she said.

While the TrafficMaster Inspector helps identify distributed denial of service attacks, it also can be useful in billing disputes, Washburn said. If a service provider is billing customers based on the amount of bandwidth they use, an anti- distributed denial of service product could help keep a customer from seeing huge bandwidth charges at the end of a month in which their facilities might have been used in a denial-of-service attack, she said.

One TrafficMaster is generally enough to support 100 customers in a data center or service provider environment, though more customers would likely require more devices, Washburn said.

One customer of the TrafficMaster Inspector is ElephantX.com, an online stock trading and financial services firm. According to Tony Gauvin, the vice president of software and operations for ElephantX, the company has been using the Mazu product for more than six months and has been very pleased with it.

ElephantX uses TrafficMaster Inspector to profile its network traffic as it is "a good filter for looking for abnormalities," Gauvin said. Such a product is crucial for a company which is "very reliant on unencumbered data," as its customers are driven by transaction speed and response time, Gauvin said.

Gauvin hopes to see more companies adopt Mazu's products to fight distributed denial of service attacks, because "for any denial-of-service defense mechanism, there has to be a community response." He would like to see ISPs and carriers adopt such technology as well, as distributed denial of service attacks are among the most difficult and troubling kinds of attacks, he said.

The TrafficMaster Inspector is immediately available worldwide and costs $100,000 in a typical data center configuration.

While the Inspector is the only Mazu product available immediately, it is not the only product the company will be releasing this summer. Mazu will also be unveiling a second component for its suite, the TrafficMaster Enforcer for distributed denial of service. Unlike the Inspector, which is only a passive monitoring device, the Enforcer will actually allow customers to stop distributed denial of service attacks with filters based on packet type, payload, protocol or other factors, the company said.

Though Washburn said the Enforcer is ready to ship immediately, Mazu is holding it until later in the summer because "typically, most customers want to be very comfortable with the Inspector first (before they install a second device)."

Also, Mazu offers what its calls its network operations center server, a $20,000 device used to allow collaboration between a number of data centers all using the Inspector and to aggregate the data drawn from the Inspector to get a picture of all of a company's locations, not just one.

Despite Mazu's focus on hardware and security, the company may eventually grow beyond those bounds, Washburn said. Customers are responding to the packet inspecting and traffic management technology that underlies TrafficMaster and are asking Mazu for different kinds of services, she said, including bandwidth billing services and capacity planning.

The company's technology "may become a traffic engineering platform (with) the first application (being) distributed denial of service," she said, adding, "there are lots of other bandwidth and traffic issues that we're in a good position to solve."

Mazu Networks, in Cambridge, Mass., is at www.mazunetworks.com

The IDG News Service is a Network World affiliate.

Related Links

 
NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.