TelstraClear is about to launch what it says is New Zealand’s first Distributed Denial of Service attack solution.
The system, which cleans traffic in the “cloud” follows the launch of a similar service by its parent company in Australia 12-18 months ago.
The telco claims 50 of Australia’s top 200 companies, plus some New Zealand companies, have suffered DDoS attacks, raising questions about the effectiveness of in-house solutions.
Manager DMZ Strategy Delivery, Adrian van Hest, says the system has been “tested in battle” and will go live with its first client, a financial institution, by the end of the month. The service, he says, is unique to New Zealand and mirrors the existing Australian service.
Van Hest says distributed attacks overwhelm web resources because they are coming from many rather than a single server.
The most notable attacks of this nature were attacks on servers in IT outsourcing country Estonia and on the news network CNN, which received DDoS attacks from China following its coverage of protests in Tibet.
He says DDoS attacks are a real threat in New Zealand, although he declines to say who has suffered them. However, Computerworld reported at least one instance, when sites hosted at Christchurch ISP Digiweb were attacked in April last year.
DDoS attacks create a bottleneck in the client’s infrastructure but the volumes of traffic are too large to be stopped.
As an ISP, TelstraClear is able to handle them in the cloud within its own network, before passing on the “clean” traffic to the customer.
“Effectively, we monitor the traffic for behavioural patterns, file types and traffic types. That allows us to detect when somebody is getting a spike attack or we recognise an attack vector. We use technology from Arbor Networks to do this. They are the world’s leading DDoS technology provider,” van Hest continues.
Devices called collectors look at the traffic and can redirect it to where it is cleaned, like a huge filter, allowing only legitimate traffic to be delivered to the end-point, he explains.
Traditionally, firewalls will be used to block a denial of service attack, but they cannot cope with attacks from many sources as it takes too long to block off each individual source.
Van Hest says that with organisations paying for internet traffic they send and receive, it means they pay for such attacks.
Since launching the service in Australia, van Hest says the impact of DDoS attacks on Telstra customers has been minimal, when in the past, they would have fallen-over and been out for days.
“This effectively is an insurance policy. This is a simple solution to implement.
“There are a number of New Zealand firms we are talking to already. They understand the need. Maybe they have been attacked already. It’s a legitimate threat,” he says.