McAfee offers botnet protection

News Analysis

McAfee has become the first hardware supplier to use a new technique that it claims can protect companies from the threat of botnet-launched distributed denial-of-service (DDoS) attacks.

DDoS attacks typically use armies of hijacked PCs to target a server or WAN link with large amounts of incomplete SYN packets from false addresses, which are difficult to stop if the system cannot separate them from legitimate traffic or identify the source.

Unlike conventional DDoS detection systems, which rely on statistical analysis of traffic, the first layer of the new Advanced Botnet Protection (ABP) intrusion-prevention system (IPS) uses a proxy to pass or block packet traffic depending on whether or not it is 'complete'.

Many IPS systems also track the number of attempts at connection, but this can be overwhelmed if specifically targeted by an attacker. A sophisticated attack like this - flooding servers with non-legitimate ACK or acknowledgement packets generated in response to SYN traffic - is dealt with by the ABP using an established encryption scheme used in the Linux environment, called SYN cookies.
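To make the SYN-cookie idea concrete, here is a simplified sketch added as an example; it is not McAfee's or Linux's code. The key, MSS table, bit layout (5-bit time slot, 3-bit MSS index, 24-bit keyed hash) and function names are assumptions for illustration: the server stores nothing for a SYN and accepts a connection only when the returning ACK carries a valid, recent cookie.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-key"      # constructed; a real stack uses a random secret
MSS_TABLE = [536, 1300, 1440, 1460]   # illustrative MSS values; index fits in 3 bits
COUNTER_PERIOD = 64                   # seconds per time-counter tick (assumed)


def _mac24(flow, client_isn, counter, mss_idx):
    """24-bit keyed hash binding a cookie to one flow, time slot and MSS."""
    src, sport, dst, dport = flow
    msg = f"{src}:{sport}>{dst}:{dport}".encode()
    msg += struct.pack("!IIB", client_isn, counter, mss_idx)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]


def make_cookie(flow, client_isn, mss, now):
    """Sequence number for the SYN-ACK; no per-connection state is kept."""
    counter = int(now) // COUNTER_PERIOD
    # Largest table entry not above the client's MSS (index 0 as the floor).
    mss_idx = max(i for i, m in enumerate(MSS_TABLE) if m <= mss or i == 0)
    mac = int.from_bytes(_mac24(flow, client_isn, counter, mss_idx), "big")
    return ((counter % 32) << 27) | (mss_idx << 24) | mac


def check_ack(flow, seq_number, ack_number, now, max_age=2):
    """Return the MSS if this ACK completes a real handshake, else None."""
    client_isn = (seq_number - 1) & 0xFFFFFFFF   # ACK seq is client ISN + 1
    cookie = (ack_number - 1) & 0xFFFFFFFF       # ACK number is cookie + 1
    slot, mss_idx = cookie >> 27, (cookie >> 24) & 0x7
    mac = (cookie & 0xFFFFFF).to_bytes(3, "big")
    if mss_idx >= len(MSS_TABLE):
        return None
    current = int(now) // COUNTER_PERIOD
    for age in range(max_age + 1):               # only recent time slots count
        counter = current - age
        if counter < 0 or counter % 32 != slot:
            continue
        expected = _mac24(flow, client_isn, counter, mss_idx)
        if hmac.compare_digest(mac, expected):
            return MSS_TABLE[mss_idx]            # state is allocated only now
    return None
```

An ACK that was never preceded by a cookie issued to the same addresses and ports fails the keyed-hash check, so it is dropped without a lookup in any connection table.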

The new protection module was rolled out in December as a free software upgrade to all subscription customers of the IntruShield intrusion prevention appliances.

Any new technique that can prevent the march of the botnets has to be welcomed. It would be tempting to say even isolated attacks would be preferable to the rather sinister hijacking of an army of PCs.

