Major Carriers Ally to Share Attack Fingerprints

by Michael Hall

A new alliance will allow major carriers to share DoS attack information in real-time, helping ISPs nip disruptions close to the bud.

A new alliance led by Arbor Networks will allow network operators to share information about Internet-based attacks automatically. The company has announced support from a number of major carriers.

The Fingerprint Sharing Alliance has signed on 18 members so far, including Cisco, Earthlink, MCI, Rackspace, and British Telecom. The primary focus of the alliance will be distribution of attack profiles, or "fingerprints" among the members in real-time, using Arbor's Peakflow SP, a tool designed to thwart denial of service (DoS) attacks (define).

According to Arbor, alliance members will use Peakflow SP to analyze surges in network traffic to determine whether the activity is either legitimate "flash traffic" brought on by a planned event, or malicious activity that's the result of a DoS or worm attack. If the traffic is classified as malicious, a fingerprint will be generated and disseminated to upstream service providers for analysis and mitigation, "identifying and removing compromised hosts as close to the internet ingress points as possible."

Whitepapers and presentations on the new alliance are available on Arbor's Web site.

This article was originally published on Monday Mar 28th 2005