Looking to move the fight against Denial of Service attacks away from attack targets and back to their source, Cs3 Inc. Wednesday announced the release of its Reverse Firewall network device.
The Reverse Firewall sits between the Internet and the network it's protecting and limits the flow of outbound information from the network in order to prevent systems from being used for Denial of Service (DoS) attacks, said Krishnamurthy Narayanaswamy, Cs3 co-founder and chief technical officer.
The device is able to do this by using Cs3's "fair service scheduling" technology which distributes available bandwidth equally across all outbound connections, rather than allowing just one connection to hog it all as an attack traffic would, he said. Fair service scheduling also puts a priority on two-way connections, that is, connections in which two computers are participating, rather than the one-way data flows which would characterize attack traffic, he said. The device can also help administrators identify both attacks and machines that may have been taken over for use in attacks, by notifying administrators when large amounts of suspicious outbound traffic are being sent, he said.
Denial of Service attacks are those in which a target system is flooded with false requests for information with such volume that it is unable to answer legitimate requests. The more intense version of the attack, the Distributed Denial of Service (DDoS) attack uses multiple computers worldwide to attack a single target. DDoS attacks knocked offline such major Web sites as Amazon.com, Yahoo.com and EBay.com in Feb. 2000.
Cs3 took the approach of limiting outgoing traffic, rather than trying to protect individual sites or networks with anti-DoS devices because it sees DoS attacks as infrastructure, rather than site problems, Narayanaswamy said.
By targeting sites with large numbers of installed computers, such as ISPs (Internet Service Providers), enterprises and universities, Cs3 hopes to help safeguard not only machines that might be attacked using these networks, but also to protect the machines on these networks whose bandwidth would likely be eaten up by an attack, he said.
The Reverse Firewall is available immediately worldwide and costs US$4,000. Larger networks might need more than one device, Narayanaswamy said.