Leading global telecommunications companies, ISPs, and network operators will begin sharing information on Internet attacks
as members of a new group called the "Fingerprint Sharing Alliance," according to a published statement from the new group.
The companies, including EarthLink, Asia Netcom, British Telecommunications, and MCI, will share detailed profile information
on attacks launched against their networks. Information to be shared will include the source of attacks. The alliance will
make it easier for ISPs and network operators to crack down on global Internet attacks more quickly, according to Tom Schuster,
president of Arbor Networks, which launched the new alliance.
The Fingerprint Sharing Alliance uses technology from Arbor called Peakflow to spot network attacks and automatically generate
a profile, or "fingerprint" of the attack in a standard data file format called PCAP. That fingerprint information is passed
along to other service providers closer to the source of the attack, which can then block the source of the traffic, he said.
Arbor wrapped features that support the Fingerprint Alliance into the last release of Peakflow, which came out at the beginning
of 2005. Alliance members have been using Peakflow to share attack fingerprints since then, Schuster said.
The alliance replaces an ad hoc system of e-mail messages and phone calls that operators of large networks use to coordinate
their response to attacks and threats, Arbor said. Because communication has been cumbersome, ISPs, and network owners have
had no incentive to share attack information.
The alliance will make it easier for them to cooperate, which will also lower the threshold that attacks must pass to get
the attention of ISPs, so that even attacks on small ISP customers prompt response from large infrastructure providers. Peakflow
also scrubs the data in fingerprints, so alliance members cannot use them to sniff sensitive information on competitors, according
to Schuster.
"People are realizing that the world is a connected place. We have to empower service providers at the point of origin to
have zero tolerance," he said.
Cracking down on those behind even small attacks may also improve the overall health of the Internet and quell raging problems
such as "botnets" of zombie computers that are used in large-scale attacks, according to Schuster.
Membership in the alliance is not limited to Arbor customers or Peakflow users. Network owners that are not Arbor customers
can generate their own fingerprints and accept PCAP-format fingerprints generated by Alliance members. However, Arbor's technology
"speeds up the process considerably" by automatically creating and distributing the fingerprints.
All current members of the alliance are Peakflow customers, and the company's roster of global ISPs gives the program bite,
Schuster said.
The alliance is a first step in addressing the problem of Internet attacks. Arbor hopes that the participation of leading
ISPs will compel competitors, as well as smaller network owners, to take part as well.
E-mail
Printer Friendly
Reprints
(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...
