[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Tuesday, 29 March, 2005, 08:17 GMT 09:17 UK
Net fingerprints combat attacks
Escape key, BBC
Net firms hope to escape the worst of attacks
Eighty large net service firms have switched on software to spot and stop net attacks automatically.

The system creates digital fingerprints of ongoing incidents that are sent to every network affected.

Firms involved in the smart sensing system believe it will help trace attacks back to their source.

Data gathered will be passed to police to help build up intelligence about who is behind worm outbreaks and denial of service attacks.

Tracing attacks

Firms signing up for the sensing system include MCI, BT, Deutsche Telekom, Energis, NTT, Bell Canada and many others.

The creation of the fingerprinting system has been brokered by US firm Arbor Networks and signatures of attacks will be passed to anyone suffering under the weight of an attack.

Increasingly computer criminals are using swarms of remotely controlled computers to carry out denial of service attacks on websites, launch worms and relay spam around the net.

"We have seen attacks involving five and ten gigabytes of traffic," said Rob Pollard, sales director for Arbor Networks which is behind the fingerprinting system.

"Attacks of that size cause collateral damage as they cross the internet before they get to their destination," he said.

Once an attack is spotted and its signature defined the information will be passed back down the chain of networks affected to help every unwitting player tackle the problem.

FINGERPRINT USERS
Asia Netcom (Asia)
Bell Canada
BT (UK)
Energis (UK)
Deustsche Telekom (Germany)
EarthLink (US)
ITC DeltaCom(US)
MCI (US)
Merit Network (US)
NTT (Japan)
ThePlanet (US)
Verizon Dominicana
WilTel Communications (US)
Mr Pollard said Arbor was not charging for the service and it would pass on fingerprint data to every network affected.

"What we want to do is help net service firms communicate with each other and then push the attacks further and further back around the world to their source," said Mr Pollard.

Arbor Network's technology works by building up a detailed history of traffic on a network. It spots which computers or groups of users regularly talk to each other and what types of traffic passes between machines or workgroups.

Any anomaly to this usual pattern is spotted and flagged to network administrators who can take action if the traffic is due to a net-based attack of some kind.

This type of close analysis has become very useful as net attacks are increasingly launched using several hundred or thousand different machines.

Anyone looking at the traffic on a machine by machine basis would be unlikely to spot that they were all part of a concerted attack.

"Attacks are getting more diffuse and more sophisticated," said Malcolm Seagrave, security expert at Energis.

"In the last 12 months it started getting noticeable that criminals were taking to it and we've seen massive growth."

He said that although informal systems exist to pass on information about attacks, often commercial confidentiality got in the way of sharing enough information to properly combat attacks.




SEE ALSO:
Rings of steel combat net attacks
13 Jan 05 |  Technology
Have hackers recruited your PC?
17 Mar 05 |  Technology
Rise of zombie PCs 'threatens UK'
22 Mar 05 |  Technology
Threats on the net
07 Jan 05 |  Click Online
Worldpay struck by online attack
04 Oct 04 |  Business
E-commerce targeted by blackmailers
26 Nov 03 |  Technology


RELATED INTERNET LINKS:
The BBC is not responsible for the content of external internet sites


PRODUCTS AND SERVICES

News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific