Net fingerprints combat attacks

R.A. Hettinga rah at
Tue Mar 29 22:18:12 EST 2005



Tuesday, 29 March, 2005, 08:17 GMT 09:17 UK

 Net fingerprints combat attacks Eighty large net service firms have
switched on software to spot and stop net attacks automatically.

The system creates digital fingerprints of ongoing incidents that are sent
to every network affected.

 Firms involved in the smart sensing system believe it will help trace
attacks back to their source.

 Data gathered will be passed to police to help build up intelligence about
who is behind worm outbreaks and denial of service attacks.

 Tracing attacks

Firms signing up for the sensing system include MCI, BT, Deutsche Telekom,
Energis, NTT, Bell Canada and many others.

 The creation of the fingerprinting system has been brokered by US firm
Arbor Networks and signatures of attacks will be passed to anyone suffering
under the weight of an attack.

 Increasingly computer criminals are using swarms of remotely controlled
computers to carry out denial of service attacks on websites, launch worms
and relay spam around the net.

 "We have seen attacks involving five and ten gigabytes of traffic," said
Rob Pollard, sales director for Arbor Networks which is behind the
fingerprinting system.

 "Attacks of that size cause collateral damage as they cross the internet
before they get to their destination," he said.

 Once an attack is spotted and its signature defined the information will
be passed back down the chain of networks affected to help every unwitting
player tackle the problem.


	* 	Asia Netcom (Asia)
	* 	Bell Canada
	* 	 BT (UK)
	* 	Energis (UK)
	* 	 Deustsche Telekom (Germany)
	* 	 EarthLink (US)
	* 	 ITC DeltaCom(US)
	* 	 MCI (US)
	* 	Merit Network (US)
	* 	NTT (Japan)
	* 	 ThePlanet (US)
	* 	 Verizon Dominicana
	* 	 WilTel Communications (US)

 Mr Pollard said Arbor was not charging for the service and it would pass
on fingerprint data to every network affected.

 "What we want to do is help net service firms communicate with each other
and then push the attacks further and further back around the world to
their source," said Mr Pollard.

 Arbor Network's technology works by building up a detailed history of
traffic on a network. It spots which computers or groups of users regularly
talk to each other and what types of traffic passes between machines or

 Any anomaly to this usual pattern is spotted and flagged to network
administrators who can take action if the traffic is due to a net-based
attack of some kind.

 This type of close analysis has become very useful as net attacks are
increasingly launched using several hundred or thousand different machines.

 Anyone looking at the traffic on a machine by machine basis would be
unlikely to spot that they were all part of a concerted attack.

 "Attacks are getting more diffuse and more sophisticated," said Malcolm
Seagrave, security expert at Energis.

 "In the last 12 months it started getting noticeable that criminals were
taking to it and we've seen massive growth."

 He said that although informal systems exist to pass on information about
attacks, often commercial confidentiality got in the way of sharing enough
information to properly combat attacks.

R. A. Hettinga <mailto: rah at>
The Internet Bearer Underwriting Corporation <>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list