June 25, 2001, 11:06 AM — DDoS (Distributed Denial of Service) attacks are a rapidly growing problem for many network administrators. Attackers can easily launch crippling attacks from hundreds or even thousands of compromised hosts, making the attacks difficult to pinpoint and to defend against. Niksun Inc.'s NetDetector can alert network administrators to DDoS attacks and help them identify the sources and type of the attacks.
NetDetector is a network surveillance appliance for IP networks. It captures and records all packets, analyzing them for possible intrusion attempts and storing them in case they are needed for a forensics investigation. NetDetector continuously copies data from the network, time-stamps the recorded data, analyzes every packet, detects the activities of intruders, sets alarms for real-time alerting, and gathers evidence for post-event analysis and legal prosecution.
Although NetDetector is a powerful analysis and forensics tool, other products on the market may provide more help against DDoS attacks. With NetDetector, administrators still have to analyze traffic themselves to determine the type and source of the attack. This process can take several hours, which may cost an organization thousands -- if not millions -- of dollars. Focused DDoS solutions, such as Asta Networks' Vantage, perform this analysis for you in a fraction of the time and even recommend defense strategies.
NetDetector can prove valuable not only for DDoS attacks but also for overall network surveillance. Its intrusion-detection capabilities and packet recording make attack analysis a simple process. Investigators can analyze the recorded packets to see what happened during the attack and which systems were targeted. By focusing this analysis and the subsequent recovery process, organizations can save time and money. Starting at $15,000, NetDetector is less expensive than some of the other DDoS solutions and deserves consideration.
NetDetector has four main elements: the Traffic Recorder, the Query Processor, the Alerter, and the Web GUI. The Traffic Recorder collects all of the traffic from the network interfaces and places it in permanent storage. The Query Processor analyzes the traffic once it has been recorded, responding to queries from the Alerter or from a user performing an ad hoc analysis. The Alerter is a background process that calculates traffic statistics to detect traffic anomalies and exceeded thresholds, and to alert administrators when problems are identified.
NetDetector can alert an administrator when a potential DDoS attack is under way. After establishing typical network loads and traffic volumes, administrators can have NetDetector monitor incoming traffic from the ISP and send alerts when the defined thresholds are exceeded.
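The baseline-then-threshold alerting described above can be sketched as follows. This is an added example, not NetDetector's own logic: the record layout, the mean-plus-k-standard-deviations rule, and all function names are assumptions, and the traffic records are constructed.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

def build_sample():
    """Constructed records (minute, source, protocol, bytes); not real traffic."""
    normal = [f"198.51.100.{i}" for i in range(1, 6)]
    records = [(m, src, "tcp", 40_000 + 1_000 * ((m + i) % 3))
               for m in range(10) for i, src in enumerate(normal)]
    for m in (10, 11):  # flood: many previously unseen sources, one protocol
        records += [(m, src, "tcp", 40_000) for src in normal]
        records += [(m, f"203.0.113.{i}", "udp", 15_000) for i in range(1, 201)]
    return records

def per_minute_bytes(records):
    totals = defaultdict(int)
    for minute, _src, _proto, size in records:
        totals[minute] += size
    return dict(totals)

def threshold(totals, baseline_minutes, k=3.0):
    """Assumed rule: baseline mean plus k standard deviations."""
    samples = [totals[m] for m in baseline_minutes]
    return mean(samples) + k * pstdev(samples)

def detect(records, baseline_minutes, k=3.0):
    baseline_minutes = set(baseline_minutes)
    totals = per_minute_bytes(records)
    limit = threshold(totals, baseline_minutes, k)
    known = {src for m, src, _p, _s in records if m in baseline_minutes}
    alerts = []
    for minute in sorted(set(totals) - baseline_minutes):
        if totals[minute] <= limit:
            continue
        # Summarise the interval so the analyst starts with type and sources.
        by_proto, sources = Counter(), set()
        for m, src, proto, size in records:
            if m == minute:
                by_proto[proto] += size
                sources.add(src)
        alerts.append({"minute": minute, "bytes": totals[minute],
                       "top_protocol": by_proto.most_common(1)[0][0],
                       "distinct_sources": len(sources),
                       "new_sources": len(sources - known)})
    return alerts

if __name__ == "__main__":
    for alert in detect(build_sample(), range(10)):
        print(alert)
```

The per-alert summary (dominant protocol, number of sources not seen during the baseline) is the starting point for the manual type-and-source analysis the review says still falls to the administrator.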