ISP Protects Its IP Backbone From DDoS Attacks

Telus becomes the first major North American ISP to deploy an anti-DDoS solution-Arbor's Peakflow-on its entire IP backbone.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

Despite all of the attention distributed-denial-of-service attacks have received in the past couple of years and all of the time and money IT managers have spent trying to prevent them, most of the major ISPs have yet to take any real proactive steps to halt such attacks.

Telus Corp. on Monday will announce that it is the first major ISP in North America to deploy an anti-DDoS solution on its entire IP backbone. The Burnaby, B.C., telecommunications and data provider has installed Arbor Networks Inc.s Peakflow DoS product.

Arbors product is installed at several points on a customers network and works by learning what "normal" traffic is on the network and then identifying and alerting network operators to anomalous events.

Following the series of DDoS attacks on high-profile Web sites in February 2000, enterprise IT managers and CIOs scrambled to come up with ways to identify, halt and trace DDoS attacks. But many of them realized quickly that there was only so much they could do without the cooperation of their carriers.

"The things that an enterprise can do are limited unless the carrier gets involved," said Ted Julian, chief strategy officer at Arbor, based in Lexington, Mass. "Its not that this problem is going away, but at least well have the tools to deal with it."

Telus executives say that the companys customers have been asking for DDoS protection for some time.

"To be honest, we werent sure how much of a problem we had," said Deryl Williams, director of global business development at Telus. "You do see anomalies, so its hard to tell."