NZ anti-DoS tool goes convincingly to war

It was a successful military exercise: Esphion Ltd.'s anti-denial of service attack tool performed well for the armed forces of five nations.

The Auckland company was the only private sector organization invited to last week's Joint Warrior Interoperability Demonstration (Jwid) that attended, says a Defense Force spokesman. Jwid involves the armed forces of the U.S., Australia, New Zealand, Canada and the U.K., as well as Nato observers, in a demonstration of software that might be of use in military applications. The Defense Force spokespeople at the demonstration confirmed that Esphion's NetDeflect denial of service (DoS) detection and blocking tool appeared to be doing its job.

DoS attacks are typically effected by a perpetrator sending more traffic to a network address than it can cope with. A distributed DoS (DDoS) attack involves numerous compromised systems attacking a single target. DDoS have in the past temporarily closed down the Yahoo, Etrade and CNN Web sites.

NetDeflect was set up against a variety of simulated attacks, including syn floods -- sometimes described as the Internet equivalent of "crank calling" servers to set up a TCP connection, fragmentation attacks -- in which the process of splitting long packets in IP is exploited to disrupt communications or introduce spurious data, and attempts to spread the Nimda and Code Red worms.

The first task is to detect either an anomalous rise in traffic volume, an unusual ratio between connection set-ups and tear-downs -- the ratio being 1:1 in legitimate traffic -- or a worm signature. The first necessitates careful analysis and subtraction of normal variability of traffic during the day. NetDeflect then identifies the nature of the spurious traffic and puts a filter in its way, or, in the case of a worm, disconnects the specific channel the worm is using.

The block can be distributed to remote sites, says Esphion chief executive Johnny Cates.

If, say, a company's branch in Korea is under DoS attack the router controlling traffic from Korea to New Zealand can be tweaked remotely to block the offending traffic before it reaches the New Zealand office.

Esphion has had interest outside the defense arena, from one telco and one large bank in New Zealand, says Cates. He declines to identify either.

Meanwhile, the company is set to introduce a network analyzer, to be known as Netalyzer, to monitor traffic flows for the purpose of improving bandwidth utilization over the network.

Other companies offering a counter to DoS attacks include Mazu Networks, Asta Networks, Arbor Networks and Captus Networks.

Auckland software company Computer Works is also claiming success with overseas military buyers. The company says Nato has bought four licenses of its MailRules e-mail automation software.

Join the newsletter!

Error: Please check your email address.

More about Arbor NetworksAstaCaptus NetworksCNNEsphionE*TradeMazu NetworksNATOYahoo

Show Comments
[]