Net fingerprints combat attacks

Eighty large net service firms have switched on software to spot and stop net attacks automatically. The system creates digital fingerprints of ongoing incidents that are sent to every network affected.

Firms involved in the smart sensing system believe it will help trace attacks back to their source. Data gathered will be passed to police to help build up intelligence about who is behind worm outbreaks and denial of service attacks.

Firms signing up for the sensing system include MCI, BT, Deutsche Telekom, Energis, NTT, Bell Canada and many others. The creation of the fingerprinting system has been brokered by US firm Arbor Networks, and signatures of attacks will be passed to anyone suffering under the weight of an attack.

Increasingly, computer criminals are using swarms of remotely controlled computers to carry out denial of service attacks on websites, launch worms and relay spam around the net.

“We have seen attacks involving five and ten gigabytes of traffic,” said Rob Pollard, sales director for Arbor Networks, which is behind the fingerprinting system. “Attacks of that size cause collateral damage as they cross the internet before they get to their destination,” he said.

Once an attack is spotted and its signature defined, the information will be passed back down the chain of networks affected to help every unwitting player tackle the problem. Mr Pollard said Arbor was not charging for the service and it would pass on fingerprint data to every network affected.

“What we want to do is help net service firms communicate with each other and then push the attacks further and further back around the world to their source,” said Mr Pollard.

Arbor Networks’ technology works by building up a detailed history of traffic on a network. It spots which computers or groups of users regularly talk to each other and what types of traffic pass between machines or workgroups. Any deviation from this usual pattern is spotted and flagged to network administrators, who can take action if the traffic is due to a net-based attack of some kind.

This type of close analysis has become very useful as net attacks are increasingly launched using several hundred or several thousand different machines. Anyone looking at the traffic on a machine-by-machine basis would be unlikely to spot that they were all part of a concerted attack.

“Attacks are getting more diffuse and more sophisticated,” said Malcolm Seagrave, security expert at Energis. “In the last 12 months it started getting noticeable that criminals were taking to it and we’ve seen massive growth.”

He said that although informal systems exist to pass on information about attacks, commercial confidentiality often got in the way of sharing enough information to properly combat attacks.
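The baseline approach described above, where a traffic history is built up and an attack spread across many machines only shows in aggregate, can be sketched as follows. This is an added example, not Arbor Networks' code: the flow record layout, thresholds, fingerprint format and sample data are all assumptions made for illustration.

```python
import hashlib, json, statistics
from collections import defaultdict

def per_minute(flows):
    """Group (minute, src, dst, bytes) records into {(minute, dst): {src: bytes}}."""
    agg = defaultdict(lambda: defaultdict(int))
    for minute, src, dst, nbytes in flows:
        agg[(minute, dst)][src] += nbytes
    return agg

def build_baseline(history):
    """Learn mean and standard deviation of bytes per minute for each destination."""
    series = defaultdict(list)
    for (_, dst), by_src in per_minute(history).items():
        series[dst].append(sum(by_src.values()))
    return {d: (statistics.mean(v), statistics.pstdev(v) or 1.0) for d, v in series.items()}

def detect(flows, baseline, z_limit=4.0, per_src_limit=20_000):
    """Return (fingerprint, loud_sources) for each minute far above a destination's baseline."""
    alerts = []
    for (minute, dst), by_src in sorted(per_minute(flows).items()):
        if dst not in baseline:
            continue  # no history for this destination, nothing to compare against
        total = sum(by_src.values())
        mean, sd = baseline[dst]
        if (total - mean) / sd <= z_limit:
            continue
        # What a machine-by-machine check would have caught on its own.
        loud = sorted(s for s, b in by_src.items() if b > per_src_limit)
        fp = {"dst": dst, "minute": minute, "sources": len(by_src), "bytes": total}
        # Hypothetical fingerprint: a short digest of the summary, easy to pass between networks.
        fp["id"] = hashlib.sha256(json.dumps(fp, sort_keys=True).encode()).hexdigest()[:16]
        alerts.append((fp, loud))
    return alerts

# Constructed sample data (documentation address ranges, invented volumes).
TARGET = "192.0.2.10"
def normal(minute):
    return [(minute, f"198.51.100.{i}", TARGET, 10_000 + 500 * ((minute + i) % 3)) for i in range(5)]

HISTORY = [f for m in range(10) for f in normal(m)]
# Minute 100: 200 extra sources, each sending less than any regular client does.
LIVE = normal(100) + [(100, f"203.0.113.{i}", TARGET, 3_000) for i in range(200)] + normal(101)

if __name__ == "__main__":
    for fp, loud in detect(LIVE, build_baseline(HISTORY)):
        print(fp, "sources over per-source limit:", loud)
```

In the constructed data no single source crosses the per-source limit, yet the destination's total for that minute is far outside its learned range, which is the case the article says a machine-by-machine view would miss.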