In the battle to stop Distributed Denial of Service (DDoS) attacks, a flood of new products has been offered recently. Many of these products offer a faster response to DoS attacks, but few promise to actually stop them. Newcomer Mazu Networks, however, unveiled a product Monday that, if the company's claims are to be believed, does just that.
The product is the TrafficMaster line of anti-DDoS devices, a series of 1U (1.75-inch) tall devices which are installed as deep into a network as possible. Mazu is targeting the service provider, data centre and enterprise markets, the very areas of the network where stopping attacks is likely to have the most effect.
DoS attacks are attacks in which the target system is flooded with false requests for service, thus denying legitimate users access; such attacks using more than one computer are called Distributed Denial of Service attacks, or DDoS.
These attacks are not always as simple to stop as keeping a single site from being taken offline, according to Christine Washburn, the vice president of marketing at Mazu. If a company's servers are located in a third-party data centre, not only might the target company be knocked offline, so might other companies in the data centre. So, being able to pinpoint and stop attacks, as Mazu says its system can, is crucial, she said.
"The key issues (in this area) are really availability and uptime," she said.
Mazu's first product, the TrafficMaster Inspector for DDoS, is a passive monitoring device based on IBM NetFinity hardware that does not sit in the data path, and therefore does not cause any potential performance or reliability problems in a network, Washburn said. The TrafficMaster Inspector performs anomaly-based detection, determining whether an attack is in progress by comparing current traffic to a baseline obtained by studying the network. Such a baseline is generally prepared within 24 hours of installing the device, she said. The longer the device is installed on the network, the better the baseline it develops, making the system smarter, she said.
Additionally, thanks to a feature called provision monitoring, TrafficMaster Inspector allows administrators to easily isolate the specific application or customer under attack rather than requiring multiple devices or long downtimes, according to the company.
Anomaly detection allows Mazu devices to identify bad packets and anomalous or attack traffic and alert administrators quickly, Washburn said. Administrators are able to take action to remove packets or fight the attack after they are notified of anomalies in the network by e-mail or pager, she said.
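The baseline comparison and per-customer isolation described above can be illustrated with a small detector. This is an added example, not Mazu's algorithm or code: the running mean and deviation model, the `warmup`, `k` and `floor` parameters, and the customer names and traffic figures are all assumptions constructed for illustration.

```python
import math
from collections import defaultdict

class Baseline:
    """Running mean/variance (Welford) of one customer's packets per second."""
    def __init__(self):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0

    def update(self, x):
        self.n += 1
        d = x - self.mean
        self.mean += d / self.n
        self.m2 += d * (x - self.mean)

    def std(self):
        return math.sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0

def detect(samples, warmup=6, k=4.0, floor=50.0):
    """samples: iterable of (interval, customer, pps); returns a list of alerts.
    warmup, k and floor are illustrative tuning values, not vendor settings."""
    baselines = defaultdict(Baseline)
    alerts = []
    for interval, customer, pps in samples:
        b = baselines[customer]
        if b.n >= warmup:  # only judge traffic once a baseline has been learned
            threshold = b.mean + max(k * b.std(), floor)
            if pps > threshold:
                alerts.append((interval, customer, pps, round(threshold)))
                continue  # keep attack traffic out of the learned baseline
        b.update(pps)
    return alerts

# Constructed sample data: two customers sharing one data centre link.
NORMAL = {"cust-a": [900, 950, 1000, 1050, 980, 1020, 990, 1010],
          "cust-b": [200, 220, 210, 190, 205, 215, 195, 210]}
SAMPLES = [(t, c, v) for c, vals in NORMAL.items() for t, v in enumerate(vals)]
SAMPLES += [(8, "cust-a", 1005), (8, "cust-b", 9000),
            (9, "cust-a", 995), (9, "cust-b", 12000)]
SAMPLES.sort()

if __name__ == "__main__":
    for interval, customer, pps, threshold in detect(SAMPLES):
        print(f"interval {interval}: {customer} at {pps} pps exceeds ~{threshold} pps")
```

Keeping one baseline per customer is what lets the alert name the tenant under attack, and skipping the update on anomalous samples stops a sustained flood from being learned as normal.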