Slashdot Mirror

← Back to Stories (view on slashdot.org)

NZ Firm Shows Anti-DDoS Tool

Posted by timothy on from the it's-only-a-model dept.

An Anonymous Coward writes: "ComputerWorld NZ is covering a story about a New Zealand company, Esphion Ltd having coverage at the recent JWID (Joint Warrior Interoperability Demonstration), with their anti-DDoS tool. From the article (here), it looks like it seems to work pretty well."

4 of 110 comments (clear)

  1. Re:I wonder if any anti-DDoS tool would help... by ymgve · · Score: 5, Insightful

    I know you were joking, but the answer is no. The problem with a slashdotting is that it is completely legitimate traffic from tens of thousands of different sites. As far as I figured it out, these guys dynamically block IPs that are identified as DDOS participants (Since a DDOS has far lesser 'attackers' than a slashdotting) and can then make the network more resistant to all the traffic.

    (On the other hand, the slashdot effect often takes place because of the stress on the server, not the connection pipe itself, so a simple referrer denial would limit the effect rather much)

  2. New Kind of Attack by OffTheRack · · Score: 4, Insightful

    If the up-stream blocking controls have security flaws, a new kind of attack might become popular: wall off sites instead of flood them.

    Could be nasty if not done right.

  3. I guess by MrFredBloggs · · Score: 4, Insightful

    someone will target them now, to test their claims!

  4. Statistical != good by Quixote · · Score: 4, Insightful
    The problem with such 'statistical' tools is that statistics can easily be faked. For example: since they are looking for a 1:1 ratio between SYNs and FINs, all the DDoS initiator has to do is alternate between SYNs and FINs.

    Also, as others have mentioned, there's not much anyone can do about faked source IPs. Egress filtering would be a way to counter this, but for some reason not many ISPs do it.