Language Selection

English French German Italian Portuguese Spanish

ISPs join to 'fingerprint' Internet attacks

Filed under
Security
Web

Leading global telecommunications companies, Internet service providers and network operators will begin sharing information on Internet attacks as members of a new group called the Fingerprint Sharing Alliance, according to a published statement from the new group.

The companies, including EarthLink Inc., Asia Netcom, British Telecommunications PLC and MCI Inc., will share detailed profile information on attacks launched against their networks. Information to be shared will include the sources of attacks. The alliance will make it easier for service providers and network operators to crack down on global Internet attacks more quickly, according to Tom Schuster, president of Lexington, Mass.-based Arbor Networks Inc., which launched the new alliance.

The Fingerprint Sharing Alliance uses technology from Arbor called Peakflow to spot network attacks and automatically generate a profile, or "fingerprint," of the attack in a standard data file format called PCAP. That fingerprint information is passed along to other service providers closer to the source of the attack, which can then block the source of the traffic, Schuster said.

Arbor wrapped features that support the Fingerprint Sharing Alliance into the last release of Peakflow, which came out earlier this year. Alliance members have been using Peakflow to share attack fingerprints since then, Schuster said.

The alliance replaces an ad hoc system of e-mail messages and phone calls that operators of large networks have used to coordinate their response to attacks and threats, Arbor said. Because communication has been cumbersome, ISPs and network owners have had no incentive to share attack information.

The alliance will make it easier for them to cooperate and will lower the threshold that attacks must surpass to get the attention of ISPs. Even attacks on small ISP customers will prompt a response from large infrastructure providers. Peakflow also scrubs the data in fingerprints so alliance members can't use them to sniff sensitive information on competitors, according to Schuster.

"People are realizing that the world is a connected place. We have to empower service providers at the point of origin to have zero tolerance," he said.

Cracking down on those behind even small attacks may also improve the overall health of the Internet and quell raging problems such as "botnets" of zombie computers that are used in large-scale attacks, according to Schuster.

Membership in the alliance is not limited to Arbor customers or Peakflow users. Network owners that are not Arbor customers can generate their own fingerprints and accept PCAP-format fingerprints generated by Alliance members. However, Arbor's technology "speeds up the process considerably" by automatically creating and distributing the fingerprints.

All current members of the alliance are Peakflow customers, and the company's roster of global ISPs gives the program bite, Schuster said.

The alliance is a first step in addressing the problem of Internet attacks. Arbor hopes that the participation of leading service providers will compel competitors, as well as smaller network owners, to take part as well.

By Paul Roberts, IDG News Service.

More in Tux Machines

today's howtos

Tizen in Bolivia and India

Security Leftovers

  • Security updates for Wednesday
  • Microsoft says its best not to fiddle with its Windows 10 group policies (that don't work)

    On Monday, we revealed that a security researcher had used a packet sniffer to show that many settings designed to prevent access to the internet were being ignored with connections to a range of third party servers including advertising hubs.

  • What's got a vast attack surface and runs on Linux? Windows Defender, of course
    Google Project Zero's Windows bug-hunter and fuzz-boffin Tavis Ormandy has given the world an insight into how he works so fast: he works on Linux, and with the release of a personal project on GitHub, others can too. Ormandy's project is to port Windows DLLs to Linux for his vuln tests (“So that's how he works so fast!” Penguinistas around the world are saying). Typically self-effacing, Ormandy made this simple announcement on Twitter (to a reception mixing admiration, humour, and horror):
  • Hacked in Translation – from Subtitles to Complete Takeover
    Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io. We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years.
  • A Samba remote code execution vulnerability
    Distributors are already shipping the fix; there's also a workaround in the advisory for those who cannot update immediately.

KDE, Qt, GTK and GNOME News

  • KDE Plasma 5.8.7 LTS Desktop Environment Released with over 60 Improvements
    KDE has announced today the release and immediate availability of the seventh maintenance update to the long-term supported KDE Plasma 5.8 desktop environment. KDE Plasma 5.8.7 LTS is now considered the latest stable and most advanced version of the KDE Plasma 5.8 LTS (Long Term Support) desktop environment, which some of you out there are probably using on your favorite GNU/Linux distributions instead of a short-lived branch like KDE Plasma 5.9 or the upcoming KDE Plasma 5.10 release.
  • Summer of Coding!
    After a month of dread and panicking about the fact that Google Summer of Code results are announced in the middle of exam season... I'm happy to say I'll be doing the Rust plugin for KDevelop!
  • Qt 5.9 Release Candidate Available For Testing
  • Qt 5.9.0 RC released
    We have released Qt 5.9.0 RC today. You can update it at the top of your Qt 5.9 beta(4) online installation or do clean installation by using qt online installer. Detailed instructions here: https://wiki.qt.io/How_to_get_snapshot_via_online_installer .
  • The Road to GTK+ 4 Continues, New Milestone Adds Initial OS X and Meson Support
    A new milestone was released recently, GTK+ 3.91.0, which adds quite a bunch of improvements and bug fixes, but also some new APIs and compatibility with other supported operating systems besides those based on the Linux kernel. For example, GTK+ 3.91.0 implements initial support for Apple's macOS platform, which will make it possible to run apps written in GTK+ 4 on OS X.
  • Epiphany Browser Updated for GNOME 3.25.2 with New Shortcuts for Switching Tabs
    Ahead of today's GNOME 3.25.2 desktop environment development release, the team of developers behind the Epiphany web browser have released the second milestone towards the Epiphany 3.26 stable series, due out later this year.