Telus fights back against DoS threat

Telus Corp. has become the first known carrier to make a major commitment to deploying equipment that will protect its Internet backbone and customers from a range of denial-of-service attacks.

The company is deploying Arbor Networks Inc.’s DoS product, Peakflow DoS, which fights off a variety of DoS attacks, including distributed DoS attacks, in which IP floods directed from hundreds of sources by a single attacker can quickly overwhelm servers and routers. Arbor Networks competes against Mazu Networks Inc., which specializes in distributed DoS network defense.

Telus’s step to combat these threats is winning approval from industry analysts.

“Hopefully, this will provoke the other service providers to step up to the [distributed DoS] problem,” said International Data Corp. analyst Allan Carey. “This is definitely a competitive differentiator for Telus.”

Large-scale DoS attacks cause conspicuous network outages from time to time, such as the attack a few weeks ago that left unavailable for hours. While there is industry-wide debate about whether to filter out attack traffic near the Web site or farther “upstream” in the ISP’s network, Carey said that will become clearer after more real-world experience is gained.

“It’s probably apt to use the analogy to antivirus protection: deploy protection at both the gateway and the host level, wherever you can,” Carey said, adding that customers want to see ISPs improve their defense on DoS.

Telus has initially deployed Arbor’s Peakflow DoS equipment on multiple OC-3 links at four major hubs on its Internet backbone. The Arbor anti-DoS equipment will detect and analyze traffic traveling through high-speed Cisco Systems Inc. routers, said Leonard Hendricks, director of marketing at Telus. These hubs in British Columbia, Alberta and Ontario can collect data from across larger Canadian cities to recommend appropriate action should a DoS attack be detected. Until now, Telus engineers were forced to do this type of analysis manually, Hendricks said.

“A denial-of-service attack can be difficult to nail down,” Hendricks said. “In the past, we had a reactive approach.”

A customer might phone for help in fending off what was suspected of being a DoS attack on a Web site, and Telus engineers would look at the routers and try to block it. In the case of such attacks, “it could take some time to find out if it’s an attack or just a hardware failure,” Hendricks said.

In the few months since Telus deployed the Arbor equipment, the carrier has gotten a better picture of what’s happening in terms of the DoS threat.

“We discovered we can see a lot more attacks than we had been able to in the past,” Hendricks said.

Although Arbor’s Peakflow DoS, which works by analyzing traffic through routers, can be configured to automatically take action against a perceived attack by blocking traffic streams, Telus prefers that any blocking “be done by humans,” Hendricks said. “The big fear is that an automated system could block out legitimate traffic.”

Telus initially is deploying the anti-DoS equipment to protect its core backbone, and in the next few months will be deploying additional Arbor gear at the edge of customer networks and in its Web-hosting centres. The project is costing Telus less than US$2 million, according to Hendricks.

Telus sells services to Canadian ISPs that are likely to be attracted to the carrier’s ability to analyze DoS attacks more efficiently, he added.