Users put early anti-DDoS tools to test

Mazu Networks Inc., one of several young companies with products designed to combat distributed denial-of-service attacks, this week will make its new traffic-filtering appliance generally available. Even more impressive, the company is touting the first two enterprise network customers to publicly declare their willingness to spend money on such a product.

Both Viacom Inc.’s MTVi Group, which runs the Web site for MTV fans, and the New York Mercantile Exchange (NYMEX) are putting Mazu’s TrafficMaster Enforcer to use in hopes of stopping cyberattacks on their networks.

Distributed DoS attacks can effectively shut down Web-based businesses by flooding their systems with unwanted IP traffic, the sort of traffic Mazu’s Fast Ethernet or Gigabit Ethernet LAN-attached offering is designed to filter out.

“We have the device set to automatically throttle back traffic when it detects SYN floods,” says Brian Amirian, director of hosting at MTVi, referring to one of many types of DoS attacks. The device is also set to filter out all Internet Control Message Protocol floods, he says.

MTVi installed Enforcer a month ago in front of its ArrowPoint load-balancing switches, which distribute requests from 5.9 million visitors each month across a Web server farm.

“Rate limiting prevents the load balancers from being attacked,” Amirian says.

So far, MTVi hasn’t faced the worst type of DoS attack, referred to as a massive distributed DoS attack, in which IP floods emanate from hundreds of sources, usually compromised machines under the remote control of an attacker. However, Amirian says his organization will depend on Enforcer to be ready for such attacks.

ISPs, he adds, have so far shown little willingness to tackle DoS problems.

Equipment from Mazu, and competitors such as Arbor Networks, Asta Networks and Captus Networks, can be used by ISPs or enterprise network customers.

NYMEX officials wouldn’t speak in depth about the exchange’s use of Enforcer. But in a statement, Tom McMahon, vice-president of technical engineering and information services, made clear his company’s incentive to boost defences.

“The threat of cyberterrorism has unfortunately become a harsh reality for businesses,” he said. “We needed to be sure our commodities-trading services were resilient to the dangers of [distributed] DoS attacks as we re-established our operations.”

NYMEX, which is located across the street from what remains of the World Trade Center, halted trading after the Sept. 11 attacks, but has since resumed operations. NYMEX purchased Enforcer, but has Exodus Communications managing and monitoring it, sources say.

MTVi’s Amirian says the terrorist attacks did not figure into his decision to add anti-distributed DoS equipment to protect the MTVi Web servers. But Mazu CEO Phil London says the attacks have made network security a higher priority for companies.

“Since then, the level of urgency has increased,” London says, noting that enterprises and ISPs are moving forward quickly with their testing and evaluation of Mazu devices.

The company also sells an appliance called TrafficMaster Inspector, intended primarily for service providers that want to analyse the nature of an attack over their networks. Unlike Enforcer, Inspector lacks filtering capabilities.

Mazu can be reached at