Canadian carrier TELUS adds DoS security protection to backbone net

TELUS, the second largest telecomunications carrier in Canada, said it is deploying Arbor Networks' denial-of-service product Peakflow DoS to protect its Internet backbone from attacks on TELUS and its customers.

With its announcement this week, TELUS becomes the first known telecom carrier to make a major commitment to installing equipment for combating the wide variety of denial-of-service attacks, including the type called distributed denial-of-service attacks in which IP floods directed from hundreds of sources by a single attacker can quickly overwhelm servers and routers. Arbor competes against a handful of other vendors, including Mazu Networks, which specializes in distributed denial-of-service network defense.

TELUS, which said Arbor was selected in a competition that included two other vendors it declined to name, has initially deployed Arbor's Peakflow denial-of-service equipment on multiple OC-3 links at four major hubs on its Internet backbone.

There, the Arbor antidenial-of-service equipment will detect and analyze traffic transversing high-speed Cisco routers, said Leonard Hendricks, director of marketing at TELUS. These four hubs, in the Canadian provinces of British Columbia, Alberta as well as two in Ontario, will be able to collect data from across the larger Canadian cities in order to recommend appropriate action should a denial-of-service attack be detected. Until now, TELUS engineers had been forced to do this type of analysis in a more manual fashion, Hendricks said.

"A denial-of-service attack can be difficult to nail down," Hendricks said. "In the past, we had a reactive approach."

A customer might phone in to ask for help in fending off what was suspected of being a denial-of-service attack on a Web site, and TELUS would have its engineers look at the routers and try to block it. In the case of such attacks, "It could take some time to either find out if it's an actual attack or just a hardware failure," Hendricks said.

In the few months since TELUS deployed the Arbor equipment, the carrier has been able to get a far better picture of what's happening in terms of the denial-of-service threat. "We discovered we can see a lot more attacks than we had been able to in the past," Hendricks said.

TELUS uses the Remedy trouble-ticketing system, and it has integrated use of Arbor Peakflow DoS into Remedy so that the Arbor reporting console can issue a trouble-ticket that can be shared with the Remedy.

Although Arbor Peakflow DoS, which works by analyzing traffic through routers, can be configured to automatically take action against perceived attack by blocking traffic streams, TELUS said it prefers that any blocking "be done by humans," Hendricks said. "The big fear is that an automated system could block out legitimate traffic."

TELUS is deploying the antidenial-of-service equipment initially to protect its own core backbone, and in the next few months will be deploying additional Arbor gear at the edge of customer networks and in its Web-hosting centers. This is costing TELUS less than $2 million, according to Hendricks.

Canadian ISPs are counted among TELUS customers. And TELUS hopes that its ability to analyze denial-of-service attacks more efficiently will be a "differentiation for selling to ISPS," Hendricks said. TELUS has no specific plans that would call for marketing denial-of-service protection as a value-added service. That's a topic that's gotten a lot of discussion from U.S. ISPs, though none have made a public commitment to purchase antidistributed denial-of-service gear yet as TELUS just did.

Contact Senior Editor Ellen Messmer

Other recent articles by Messmer