by CIO Staff

Consortium Builds Super Firewall to Stop DDoS

Jul 13, 2006 · 3 mins
IT Strategy

Computer researchers in Europe are developing a new prototype architecture for halting distributed denial-of-service (DDoS) attacks, in which a barrage of traffic is directed at a website or server to shut it down.

The Diadem Firewall deploys both hardware and software on the edge of a provider’s network rather than within, said Georg Carle, chairman of the computing and Internet department at the University of Tubingen in Germany.

Diadem uses data filtering and intrusion-prevention technologies to detect rogue activity, then coordinates an automatic reaction based on policies, Carle said. Current firewalls don’t incorporate policies into their capabilities, he said.

When suspicious behavior is detected, a network can then cut off certain computers that appear to be violating policies, such as a machine that suddenly consumes a dramatically higher amount of bandwidth, Carle said.

Diadem could prove worthy in the fight against DDoS attacks, which often involve thousands of hacked computers across the Internet working in concert to attack another machine. The attacks are often hard to trace.

Cybercriminals have used the threat of DDoS attacks to extort businesses, particularly online gambling sites expecting a rush of business around a sporting event. To carry out the attacks, those criminals often control networks of computers they have commandeered through software faults in machines connected to the Internet.

“The significant number of non-protected equipment connected to the Internet provides a very fertile ground for the recruitment of new agents and the automation of the attacks,” according to the Diadem website.

The project, which started in 2004, was budgeted at 3 million euros (US$3.8 million) and received funding in part from the Information Society Technologies, a European Union organization that coordinates IT programs. It has been extended for three more months, Carle said.

Diadem hasn’t resulted in a product, but rather a group of technologies that could be employed in different ways, Carle said. The project mandate called only for a prototype, and France Telecom and Polish Telecom are expected to begin testing Diadem by September.

Diadem could be particularly effective for ISPs who have peered, meaning they have directly connected with one another to reduce the cost of moving data traffic.

Carle said both ISPs could share a common policy using Diadem, strengthening their effectiveness with a coordinated reaction to DDoS attacks.

“A large distributed denial-of-service attack may emerge from many different providers,” Carle said.

Those involved in the Diadem Firewall include France Telecom’s R&D department, the University of Tubingen in Germany, IBM’s Zurich Research Laboratory, Imperial College London, Groupe des Ecoles des Telecommunications in France, Jozef Stefan Institute in Slovenia and Polish Telecom.

-Jeremy Kirk, IDG News Service (London Bureau)
