Vendors Join Forces to Fingerprint Hacker Attacks

A group of high-profile network providers and ISPs form an alliance to automate the way real-time data on cyber-attacks is shared.

Struggling to cope with a dramatic rise in malicious hacker intrusions, a group of 18 network providers and ISPs on Monday announced plans to share real-time data on cyber-attacks.

The vendors, which include Cisco Systems Inc., British Telecommunication Plc., EarthLink Inc., MCI Inc. and XO Communications Inc., have formed the Fingerprint Sharing Alliance to automate the way information is distributed during an intense hacker attack.

At the hub of the alliance is Arbor Networks Inc.s Peakflow SP, a network security product capable of detecting, back tracing and responding to anomalies such as denial-of-service and worm/virus attacks.

/zimages/5/28571.gifClick here to read about an old-school denial-of-service attack that can penetrate Windows XP SP2.

Farnam Jahanian, Arbor Networks founder and chief scientist, said in an interview with that the Fingerprint Alliance effectively replaces a "laborious and tedious process" that involved the manual use of phone calls and e-mails to share information on cyber-threats.

"This is the first time network and service providers can share attack profiles and fingerprints automatically, without giving up any competitive information," Jahanian said.

Using the Peakflow SP platform, Jahanian said members of the alliance can collect data from devices around the network and look for anomalies. If the network deviations are flagged as a malicious attack, the platform generates a fingerprint that can be shared automatically and securely with select peers.

"The network and service providers now have a mechanism to share that kind of information, but they also have control over how the fingerprint is distributed. They set the policy to decide what kinds of information are shared," he said. The recipients of the fingerprint have the option to accept or reject the sharing request when the incoming fingerprint is received.

A typical fingerprint includes data on the scope and severity of a hacker attack. It also can be used to distribute information on the threats impact on devices, services and customers.

"This can be used for a broad range of zero-day cyber-threats," Jahanian said. "It can flag a denial-of-service attack, flood-based attacks or scanning attacks. It can also be used to share information on the fast-propagating worms and viruses were seeing every day."

/zimages/5/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.