"Unlike conventional DDoS detection systems based on the statistical analysis of traffic, the first layer of the new Advanced Botnet Protection (ABP) intrusion prevention system (IPS) uses a proxy to pass or block packet traffic dependent on whether or not it is "complete"."
The best thing is that it's free; the bad thing is that it may give their customers a "false sense of security". That is, while the company is actively working on retaining its current customers, I feel "SYN cookies" and their concept have been around for years. Moreover, using a service provided by a company whose core competencies have nothing to do with DDoS defense can be tricky. Companies worth mentioning are Arbor Networks and Cisco, with their solutions, besides the many other alternative and flexible ways of dealing with DDoS attacks.
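The "complete" test in the quoted description is the SYN-proxy idea the author links to SYN cookies: the proxy answers every SYN with a SYN-ACK whose sequence number encodes a cookie it does not remember, and only a client that echoes that cookie in its ACK is passed to the protected server, so spoofed SYNs cost no state. The model below is an added example, not code from the post or from the vendor; the key, tick size, maximum cookie age, addresses and packets are all constructed.

```python
import hmac
import hashlib
import struct

SECRET = b"constructed-demo-secret"  # constructed; a real proxy rotates this key
TICK_SECONDS = 64                    # coarse clock so stale cookies expire
MAX_TICK_AGE = 2                     # accept cookies from this many older ticks

def _mac(saddr, sport, daddr, dport, client_isn, tick):
    """24-bit HMAC over (saddr, sport, daddr, dport, client ISN, tick)."""
    msg = struct.pack("!4sH4sHII", saddr, sport, daddr, dport, client_isn, tick)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]

def make_cookie(saddr, sport, daddr, dport, client_isn, now):
    """SYN-ACK sequence number: high byte = tick, low 24 bits = MAC. No state kept."""
    tick = int(now // TICK_SECONDS)
    return ((tick & 0xFF) << 24) | int.from_bytes(_mac(saddr, sport, daddr, dport, client_isn, tick), "big")

def handshake_complete(saddr, sport, daddr, dport, client_isn, ack_num, now):
    """True only if the third-handshake ACK echoes a cookie we could have issued recently."""
    cookie = (ack_num - 1) & 0xFFFFFFFF
    for age in range(MAX_TICK_AGE + 1):
        tick = int(now // TICK_SECONDS) - age
        if (tick & 0xFF) == cookie >> 24 and hmac.compare_digest(
                _mac(saddr, sport, daddr, dport, client_isn, tick),
                (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return True
    return False

def run_proxy(packets, now):
    """Return (4-tuples passed to the real server, number of SYNs absorbed statelessly)."""
    passed, syns = [], 0
    for p in packets:
        if p["flags"] == "SYN":
            syns += 1   # answered with SYN-ACK carrying make_cookie(...); then forgotten
        elif p["flags"] == "ACK" and handshake_complete(
                p["src"], p["sport"], p["dst"], p["dport"], p["isn"], p["ack"], now):
            passed.append((p["src"], p["sport"]))
    return passed, syns

def demo(now=1_700_000_000):
    """Constructed traffic: 500 spoofed SYNs that never ACK, one real client, one forged ACK."""
    srv, sport = bytes([203, 0, 113, 10]), 80
    pkts = [{"flags": "SYN", "src": bytes([10, 0, i >> 8, i & 0xFF]), "sport": 40000 + i,
             "dst": srv, "dport": sport, "isn": i} for i in range(500)]
    client, cport, isn = bytes([198, 51, 100, 7]), 51515, 12345
    ack = (make_cookie(client, cport, srv, sport, isn, now) + 1) & 0xFFFFFFFF
    pkts.append({"flags": "ACK", "src": client, "sport": cport, "dst": srv, "dport": sport,
                 "isn": isn, "ack": ack})
    pkts.append({"flags": "ACK", "src": client, "sport": 51516, "dst": srv, "dport": sport,
                 "isn": 1, "ack": 0xDEADBEEF})             # forged ACK, wrong cookie
    return run_proxy(pkts, now + 70)                        # real ACK arrives one tick later
```

Only the single completed handshake reaches the server; the 500 half-open SYNs consume no table entries, which is exactly what a statistical detector would have had to notice after the fact.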
In my research on the Future trends of Malware, I pointed out some of the trends related to botnets and DDoS attacks, namely DDoS extortion and DDoS on demand/for hire, and with the first legally prosecuted case of offering botnet access on demand, it's a clear indication of where things are going. Defense against frontal attacks isn't cost-effective given that, at the bottom line, the costs to maintain the site outpace the revenues generated for the time; hard dollars disappear, while soft ones such as reputation remain the same.
My advice is to take into consideration the possibility of outsourcing your problem, and to stay away from product line extensions; I think it's that simple. A differentiated service on fighting infected nodes is being offered by Sophos, namely the Zombie Alert, which makes me wonder why the majority of AV vendors besides them haven't come up with an alternative given the data their sensor networks are able to collect. Moreover, should such a service be free, would it end up as a licensed extension included within the majority of security solutions, and can motivated system administrators successfully detect, block, and isolate zombie traffic going out of the network (I think yes!)?
As far as botnets are concerned, there was even speculation on using "Skype to control botnets"; now who would want to do that, and for what reason, given the current approaches for controlling botnets? Isn't the use of cryptography or security through obscurity ("talkative bots", stripping IRCds) the logical "evolution" here?
Something else worth mentioning is the trend of how DoS attacks got totally replaced by DDoS ones; my point is that the former can be much sneakier and easily go beneath the radar compared to a large-scale DDoS attack. A single packet can be worth more than an entire botnet's population, can't it?
How do you think DDoS attacks should be prevented: active defense such as the solutions mentioned, or proactive solutions? What do you think?
You can also go through other resources dealing with DDoS attacks and possible solutions to the problem: