Fireproofing Against DoS Attacks
Source: Network Computing
We're not going to start by quoting the over-inflated dollar amounts of damage supposedly incurred by popular Web sites in recent denial-of-service attacks. But we will say this: We've had to deal with the massive onslaught of packets brought to bear in similar DoS attacks, and they do cause serious pain. Of course, anywhere there's pain, there's a buck to be made, and in the past few months many anti-DoS devices have popped onto the market. These products claim to mitigate various forms of DoS attacks. At first glance they appeared to be a dream come true. But then reality set in, and we started to wonder: "Do they really work?"
Hoping to dispel our skepticism, we set out to test some of these devices to see how helpful they are. Over the course of a month we stocked our partner Neohapsis labs, in Chicago, with offerings from Captus Networks Corp., Foundry Networks, Mazu Networks, Radware, Reactive Network Solutions and Top Layer Networks. And, of course, we had enough support hardware to add five degrees to the ambient temperature.
Next we formulated a testing game plan, including the use of various common DoS attacks (see "How We Tested Anti-DoS Devices" and "DoS Dossier"). Common attacks were chosen to test the analysis and mitigation capabilities of the devices, which were graded based on how much attack traffic they filtered/stopped -- and on how much legitimate baseline traffic was also filtered/stopped in the process. The premise is simple: The ultimate mitigation is unplugging your Web server or stopping all traffic to it. Yes, you stopped the attack. Yes, you may have saved your server from meltdown. But you're also losing all your potential customers. That's not good, which is why devices that were able to stop the most attack traffic while having the smallest impact on legitimate traffic were graded higher than devices that blocked a lot of legitimate traffic while filtering the attack