Search /
Docfinder:

RESEARCH CENTERS

Applications
Careers
Convergence
Data Center
LANs
Net/Systems Mgmt.
NOSes
Outsourcing
Routers/Switches
Security
Service Providers
Small/Med.Business
Storage
WAN Services
Web/e-commerce
Wireless/Mobile

SITE RESOURCES

Daily News
Newsletters
This Week in NW
Tests/Reviews
Buyer's Guides
Opinion
Forums
Special Issues
How to/Primers
Case Studies
Network Life
Encyclopedia
IT Briefings

TODAY'S NEWS

•
•	Google brings Buzz social networking to Gmail, mobile
•	Virginia firm files encryption lawsuit against tech giants
•	Most smartphones now have touchscreens, research finds
•	Five Ways Early Adopters Have Been Screwed
•	Google Nexus One fee cut follows broad FCC inquiry
•	NASA Endeavour set to dock with, expand International Space Station
•	Cisco, Juniper push new mobility-focused products
•
•	Startup links VMware with Amazon to create secure cloud storage
•	Adobe apologizes for 16-month-old Flash bug
•	Juniper execs share network vision
•	Planning for virtualization? Beware of server overload
•	US National Climate Service to manage world of climate change
•	'Rugged Manifesto' promotes secure coding
•	More breaking news

/

Internet protection services- the good and the ugly

By Jeffrey Fritz
Network World, 12/17/01

Internet protection services are a funnel between users and ISPs or enterprise networks. Like personal firewalls, Internet protection services run the gamut from good to poor. The worst services border on being spammers. They send out complaints helter-skelter to ISPs and enterprise networks whenever they receive a complaint or a firewall log.

The better services, such as Euclidian Consulting's DShield Fightback, exercise care with the firewall logs that are sent to them.

DShield analyzes log reports and selects a number of strong cases, which it then forwards to the ISP from which the attack originated. The fact that DShield and similar services offer to analyze reports means that they take the responsibility to separate the wheat (real attacks) from the chaff (someone downloaded a music track from the host PC).

To learn how they analyzed firewall reports, we asked DShield, "If I use your service, you indicate that you will analyze my firewall reports. What kind of analysis do you perform? What steps, if any, does your service take to make sure that my reports are real intrusions?"

DShield's Johannes Ullrich responded: "While we do not edit data that goes into the database, we apply some careful filters before forwarding any reports to ISPs. Only attacks against known vulnerable ports are forwarded, and only if the same IP has been spotted attacking multiple targets. Replies from the ISP that may indicate a problem will be forwarded to you.

"There are some common problems we ran into in the past that caused false alarms. Some ISPs started using load-balancing servers that sent out probes on Port 53 to measure the 'distance' to a client. For these special cases we keep a 'do not complain' list of ISPs."

RELATED LINKS

Fritz is the director of networking for West Virginia University and has directed the University's Advanced Network Applications Lab since 1988. He can be reached at jfritz@wvu.edu.

Global Test Alliance

Fritz is also a member of the Network World Global Test Alliance, a cooperative of the premier reviewers in the network industry, each bringing to bear years of practical experience on every review. For more Test Alliance information, including what it takes to become a member, go to www.nwfusion.com/alliance.

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!

New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE

Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.

HOME

RESEARCH CENTERS

NEWS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.