In Denial | eWeek

In Denial

Écrit par
eWEEK EDITORS
eWEEK EDITORS
Jul 9, 2001
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

If service providers dont move faster to prevent distributed denial-of-service attacks, hackers and script kiddies can grab their suntan lotion and head for the beach this summer because there will still be ample opportunity to bring sites to a screeching halt once the season is over.

To an I-manager, a DDOS attack — a flood of junk traffic blasted at a site — is about as frustrating a security concern as there is in this business. And for a very good reason: There really isnt much you can do about it.

Denial-of-service attacks are launched at a rate of more than 4,000 per week, according to a recent study by the University of California at San Diego, and researchers say thats a conservative estimate. But solutions to DDOS are hard to come by.

Sure, you can throttle back your Internet bandwidth but then youre limiting legitimate traffic as well, possibly frustrating customers. You can also blow open the pipe so wide that any and all traffic can get through. But this presents two problems: One, your friendly service provider is going to charge you more for that increased bandwidth; and two, eventually, youre going to get hit by an attack so large even that wont help.

Theres a new crop of network devices we wrote about last week [“Mob Stoppers,” July 2, page 46] from Arbor Networks, Asta Networks, Captus Networks and Mazu Networks, each of which promises to detect and stop DDOS attacks without dropping legitimate traffic, but those products have yet to be proven.

Of course, we could all just ask hackers to stop. Nicely. Assuming that doesnt work, were stuck.

Or maybe not. Many industry watchers feel the responsibility for stopping DDOS should be squarely on Internet service providers (ISPs) shoulders, since theyre at the core of the network and have better insight with which to prevent these attacks.

“The issue of DOS is something that [wont be solved] unless the ISPs, network operators and backbone providers work collectively,” says Sunil Misra, managing principal at Unisyss worldwide security practice. “And there is no movement right now to make that happen.”

Thats a crying shame. The main obstacle is that this would require all of these ISPs to work together to put a stop to DDOS. Says Steve Bellovin, a researcher at AT&T Labs and noted DDOS expert, “Theres not a whole lot an individual ISP can do.” However, working together, ISPs can come up with anti-address spoofing strategies and find out exactly where these attacks are coming from.

But I dont think any single ISP should be let off the hook, either. Call up your service provider and ask what theyre doing about DDOS. If they dont have a strategy, or at the very least arent considering solutions from the vendors mentioned above, then they dont have your best interests in mind.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.