What To Do?
Traditional security solutions are often outwitted by DoS attacks. Firewalls and Intrusion Detection Systems (IDS) are designed to detect attacks against individual Web servers or hosts -- not the network infrastructure.
To combat this, several companies have worked on solutions specific to DoS attacks. Arbor Networks helped pioneer this field with their product, PeakFlow DoS, which deploys data collectors that analyze traffic flow (before it reaches the enterprise's routers or firewalls) and search for anomalies. This intelligence is forwarded to a controller, which in turn attempts to trace the attack back to its source. In the meantime, the controller sends the network managers filter recommendations, which can be deployed to attempt to divert the attack. Prices for enterprise deployment begin at $130,000, and there are plans to provide similar protection as a monthly-billed service for smaller networks.
Tripwire's Tripwire for Routers takes a more modest approach of monitoring a Cisco router's startup and configuration files, and notifying you of any changes from that device's trusted state. (The router needs to be running IOS 11.3, 12.0, or 12.1.) It is currently only available for Solaris 7 or 8 workstations; a Windows 2000 version is forthcoming. Pricing is scaled based on how many routers will be covered, and an evaluation version of the software is available for download.
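The trusted-state comparison described above can be illustrated as follows. This is an added example, not Tripwire's code or part of the original briefing; the sample configurations, the list of volatile lines, and the function names are assumptions made for illustration.

```python
import difflib
import hashlib

# Lines IOS rewrites without any operator edit (assumed list; tune per platform).
VOLATILE = ("! Last configuration change", "! NVRAM config last updated",
            "ntp clock-period", "Current configuration", "Building configuration")

# Constructed sample configurations, not taken from a real device.
BASELINE = """\
! Last configuration change at 10:02:11 UTC Mon Jan 1 2001
version 12.1
hostname edge-rtr
enable secret 5 $1$CONSTRUCTED$placeholder
access-list 101 deny ip any any log
line vty 0 4
 login
 transport input none
end
"""
CURRENT = (BASELINE.replace("10:02:11", "23:47:05")
           .replace(" transport input none", " transport input telnet")
           .replace("line vty 0 4", "snmp-server community public RO\nline vty 0 4"))

def normalize(text):
    """Drop blank and volatile lines so only operator-set commands are compared."""
    lines = (raw.rstrip() for raw in text.splitlines())
    return [l for l in lines if l and not l.startswith(VOLATILE)]

def fingerprint(text):
    """SHA-256 of the normalized configuration; store this for the trusted state."""
    return hashlib.sha256("\n".join(normalize(text)).encode()).hexdigest()

def check_against_baseline(baseline, current):
    """Return (changed, changes); changes lists '+'/'-' prefixed config lines."""
    if fingerprint(baseline) == fingerprint(current):
        return False, []
    diff = list(difflib.unified_diff(normalize(baseline), normalize(current),
                                     "trusted", "current", n=0, lineterm=""))
    # Skip the two file-header lines and the @@ hunk markers.
    return True, [d for d in diff[2:] if not d.startswith("@@")]

if __name__ == "__main__":
    changed, changes = check_against_baseline(BASELINE, CURRENT)
    print("ALERT: config deviates from trusted state" if changed else "OK")
    for line in changes:
        print("  " + line)
```

Filtering the volatile lines before hashing keeps a routine save, which only updates the timestamp comment, from raising an alert, while a real change such as a newly enabled remote-access transport is reported line by line.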
On the low end, some common sense is your first, and perhaps your best, defense. Make sure you're aware of every connection from the outside world that has access to your router. Be sure that you have changed the default security configurations, especially the password. We have more information in "Protect Your Network From a DoS Attack."
These new trends in DoS attacks demonstrate that threats to availability of service -- be they against a network or the Internet at large -- are likely to become more sophisticated as time goes on. Aside from the impact on your network, lack of diligence on router and infrastructure security could make you an unwitting conveyor of DoS attacks. Stay aware of developments, and hold yourself accountable for your network's security on all fronts, and you should be able to avoid disaster.
This product briefing was first published on CrossNodes, an internet.com site.