Combating DDoS Dangers

As startup Mazu Networks readies TrafficMasterEnforcer, CEO assesses threat posed by attacks.

Mazu Networks Inc. is one of several startups that emerged to help combat the threat of DDoS attacks in the wake of the high-profile assaults on several sites in February 2000. The Cambridge, Mass., company was one of the first to bring an anti-distributed-denial-of-service product—TrafficMaster—to market and this week will launch an addition to the line: TrafficMasterEnforcer. Senior Writer Dennis Fisher caught up with Mazu CEO Phil London last week to talk about the new device and to discuss the current buzz about cyber-terror.

eWeek: Since the string of DDoS attacks last year, there have been a lot of products released to combat these attacks. What's new about your product?

London: Our new TrafficMasterEnforcer is an in-line device that sits at the edge of the network and is able to analyze packets as they come in. It can mitigate attacks by analyzing the packets based on a set of parameters for the network that are established during normal operation. It can distinguish between attack and normal packets.

eWeek: Do you expect the number of DDoS attacks to rise as time goes on?

London: Absolutely. There are a number of indications that the trend is toward a substantial increase in attacks. We have anecdotal evidence from service providers who say that the number of attacks per week is increasing. Also, we've seen a tremendous amount of attention paid to this problem at the highest levels of the federal government.

eWeek: Talking about it is one thing, but do you expect anything to get done?

London: As far as doing anything, well, it's the government. But [U.S. Attorney General] John Ashcroft has said he believes it's a big problem. And the threat of a DDoS attack on our power grid or air traffic control system or utilities is possible. I've had some discussions with the people at the [General Services Administration] and they say that those things are vulnerable.

eWeek: With all of the talk about cyber-terrorism, do you believe there's really a threat from terrorists to our networks?

London: The short answer is yes. There are indications that terrorism is a potential motive for [DDoS attacks]. One of our potential customers, Croatia Telecom, has said they are regularly victimized by DDoS attacks from Serbia that have made the Internet unavailable in Croatia for more than a day on several occasions. And there are reports that [other countries] are constantly DoS-ing each other, and some of it is state-sponsored.

eWeek: But won't it be difficult to determine who launched the attack if something does happen?

London: A well-constructed attack will be hard to trace to terrorists. Unless they make a statement. The attacks are launched from intermediate machines that have been infiltrated weeks or months ahead of time. And the victims are reluctant to go public once they've been attacked. They don't want the FBI showing up with flatbeds and carting their machines and logs away. Our customers are much more interested in stopping the attacks than tracing the attackers. They want to target the symptoms and not the cause. Any interest in prosecuting attackers has to come from the victims.