Financial losses caused by denial-of-service attacks stand second only to the toll caused by viruses, according to a recent study by the Computer Security Institute and the FBI. Network World Senior Editor Denise Pappalardo recently spoke with Thomas Arthur, CEO of Arbor Networks, about DoS attacks and whether service providers and their customers are doing enough to protect their networks. Arbor's PeakFlow SP product, a traffic and routing management platform that defends against DoS and worm attacks, is deployed by 70 service providers worldwide.
Are DoS attacks getting worse? Are your customers seeing new types?
There are more attacks and different types than ever before. We have service provider customers that are actively mitigating and reconfiguring their networks due to three to five DoS attacks per day. They are mitigating DoS attacks on behalf of a customer, a peering partner or because they are worried about their own infrastructure. A DoS attack threatens all three. . . . What makes the DoS problem tricky is if you are an endpoint under attack and your uplink is flooded, there is virtually nothing you can do. You are dependent on your service provider to mitigate that attack as far upstream as they can get it or you are not available.
What is the source for most DoS attacks?
Who's doing it is always an interesting question. These attacks are massively distributed. That's what makes them so nasty. The attacker, whoever they are, can be controlling thousands of machines halfway around the world. One recent anomaly is very targeted attacks. There are those that are blackmailing others. The MyDoom attack was specifically going after SCO because the attacker didn't like the company.
Are service providers doing enough to thwart attacks?
They're really starting to step up. Service providers such as AT&T are offering DoS services. They are actively protecting the edge between themselves and other service providers, typically called private peering connections. And now they are starting to offer services to help customers protect their transport layer. [Editor's note: Sprint and MCI also offer DoS mitigation services domestically, as Telus does internationally.] It's natural for the service providers to sell these services because they own the bandwidth and the upstream area where mitigation should be. They also own the network where detection and trace-back need to be.
In the past, carriers have talked about how they've been sharing information regarding large DoS attacks. Is that still going on, and how important is it?
It's true service providers have been calling each other when DoS attacks strike because their networks are connected. Collaboration is absolutely important. They do help each other to get really bad attacks under control. It's a win-win. Also, Arbor is coming out with a product that will allow service providers to share in real time a detailed description of these attacks. It's all about saving time and having a very efficient conversation between support engineers to get a DoS attack offline.