DDoS Slayer 3000 with Derek Raines of Gigenet
Hello Derek and thank you for taking the time out of your busy schedule to do an interview with me.
Hey Ross, no problem, thanks for having me. After all, we do know each other pretty well after that run at the stri……wait is this being recorded?
Gigenet has been around since 1998 doing filtering for IRC clients. With your new site launch you guys have offered a new service called ProxyShield which is more of an enterprise grade product. What is ProxyShield? How do your regular filtering and ProxyShield differ?
Actually, the Proxyshield service has been around for about 2 years now, marketed on some of our sister sites like DDoSProtection.com and GigeServers.com. Although it has been designed to be highly-scalable in order to mitigate the large attacks that big organizations encounter, we’ve found that the majority of our clients are small to medium sized businesses. Being that it is service-based, rather than a hardware device, it is much more affordable and easier to implement, which is appealing to companies on a lower budget. The Proxyshield Lite service is a server-based solution, which provides DDoS mitigation only for bandwidth-intensive attacks, attacks that attempt to saturate your network connectivity.
The Premium solution is a more advanced offering that is resilient to complex service-based attacks such as HTTP GET attacks that fool the web server into thinking it’s being overloaded with legitimate traffic to the victim’s website. Our Premium service is able to distinguish between real visitors and harmful bots. In addition, Proxyshield Premium does not require the end user to host with us. They simply point their DNS to one of our proxy servers so that it appears as if they are hosting with us so all traffic to their website first goes through our scrubbers before being passed on to their real web server. Illegitimate traffic is dropped at our network so that real users can still access the website and not experience any interruptions.
Traditionally companies that need DDoS protection are e-tailers or online gambling sites. Do you see this trend changing anytime soon? Will the market open up more as cyber extortion becomes more prevalent?
Many people have the idea that only high-risk or high-profile websites are susceptible to DDoS. In reality, we have people coming to us with websites all over the spectrum. E-tailers, financial sites, news and informational resources, even blogs! DDoS is already very prevalent, however the media has skewed the public’s idea of who is at risk because they tend to only want to report on the more high-profile victims of DDoS. Everyone is a potential victim, because DDoS attacks are instigated by not only money, but by hate, retaliation, contest, or even out of plain boredom.
In November the U.S. government sent out a warning to banks and financial institutions that Al Qaeda was planning cyber attacks. Do you see the war on terrorism expanding to cyber space? Are these kinds of alerts a wake-up call to companies to protect their cyber infrastructure, and do you see it dramatically increasing sales of managed security services?
At this point in time I do not believe that terrorism is a driving force behind cyber attacks. However, I have seen controversial websites that focus on reporting or debating terrorism fall victim to DDoS. It is unclear as to who initiated the attacks or why they were attacked.
With many dedicated server providers such as EV1/ServerMatrix, SoftLayer, etc. including DDoS protection, why do companies need ProxyShield? What does your service offer that their protection doesn’t?
A few large dedicated server providers are known for offering DDoS protection as an add-on to their main service. To what extent they will protect you is something they usually do not clarify. Based on my own experience, these companies usually implement some type of intrusion detection device like the Cisco Guard XT. While these devices do offer some basic protection, they are limited in how effective they are and the scale of attacks that they can mitigate. I’ve heard quite a few times that if an attack is too large or too complex (which most are), that the basic DDoS protection provided by these companies will not suffice, and many times their solution is to null the victim’s IP, which in effect made the attack successful (the website is no longer accessible).
There are a couple of providers in the enterprise filtering category, one of the leaders being Prolexic. With Prolexic’s CTO Barrett Lyon leaving, who was pretty much the driving force behind the company, do you see this as your chance to grab some of their market share? Why do you think you can offer a better service experience than Prolexic or others?
Doing a Google search, I only found Prolexic and Proxyshield as service-based DDoS mitigation solutions. Everyone else is trying to sell some form of hardware device, which as I mentioned before have strict limits on their ability to adapt to new attacks and handle attacks of large scale or complexity. Not only do I believe that we offer a better service in terms of success rate than any other providers, our service is very affordable to almost all web businesses. Most businesses cannot afford to pay 5-10 thousand dollars per month and be locked into a contract for DDoS protection, and that is why ProxyShield is so successful. The service starts at just $1000/mo and our customers can cancel once the attacks stop. In fact, I’m so confident that our service is superior to anyone else’s, that we will guarantee that the attack is stopped, or our customers do not pay.
What is the biggest attack that you guys have successfully filtered out? How long did it last? What is the most typical type of attack you see? Typically in a given day how many attacks do you guys filter out for your clients? Any other useful information you can provide?
We have successfully filtered out attacks that are over 10 gigabits in size. While most attacks last only a few days, we have some attacks that have not let up for months. Most service based (HTTP) attacks are generally under 20Mb/s in size, however bandwidth based attacks can exceed 5 to 10 Gb/s in size.
One of the big topics of the year has been recursive DNS and DNS amplification attacks. How prevalent are these attacks, are they becoming more common, and how destructive are they really?
Joker.com, one of the largest European domain registrars, fell victim to a large-scale DNS recursion/amplification attack a few months ago. Thousands of their customers went offline as a result of Joker’s DNS servers being inaccessible. We arranged to filter these attacks in order to help get Joker’s customers back online. DNS attacks are starting to get very common, and their wide reach has an ability to affect tens of thousands of people by attacking a single source. This is one type of DDoS that the internet community as a whole should pay more attention to.
With the security of Microsoft Windows increasing, do you see botnets becoming smaller or the amount of packet kiddies decreasing? Will they have to become more sophisticated and include Linux botnets into their network to successfully take out their targets? How are these guys going to succeed if the hosts they use to attack targets become more secure?
Hahaha! (Derek lets out a deep belly laugh) I’m sorry but I had to laugh at that. According to internetworldstats.com only 16.6% of the entire world population has access to the internet. As more and more people get connected, it will only provide hackers with more resources to carry out their attacks with. Since DDoS drones are essentially Trojan-infected computers, the increase in new and inexperienced PC owners will proportionately result in the increased number of infected machines, or drones that are part of a DDoS botnet. I honestly do not believe that we will see a decrease in DDoS any time soon.
How can we as an industry work to improve the security of the internet to make it harder for these packet kiddies and cyber extortion groups?
That’s an excellent question, and unfortunately I don’t know the answer to that. I think that in order to find an effective solution to DDoS we will need proper education, and cooperation amongst not only end users (who get infected), but ISPs and government agencies as well. If more internet service providers better understood the implications of DDoS, they might be more inclined to invest their time and money in ensuring that DDoS attacks are not launched from their networks.
Which are cooler pirates or ninjas?
I had to get additional input on this question, and the majority of the guys here at Gigenet agree that ninjas are much cooler than pirates. Pirates do have hooks and singing parrots, but ninjas will launch a throwing star into the back of your head before you even know they were in the room.
Do you have anything else to say to the readers of The Host Guru?
There is no final solution to DDoS, no end-all cure. But, there are some great solutions that are available to help protect people from DDoS. You don’t have to be a Fortune 500 to be able to afford such protection either. Whether you go with a hardware mitigation device, a dedicated server provider that offers a basic protection plan, or a service that specializes in DDoS mitigation (like ProxyShield), make sure that you do proper research and choose a solution that will be a good fit for you and your business. DDoS can be very expensive, so I try to encourage all business owners to take out a cheap insurance policy on their website by investing in a DDoS mitigation solution as part of their IT infrastructure. You wouldn’t drive a car without proper coverage, and you shouldn’t run a business without it either. By proactively protecting your website from DDoS, you will save an exponential amount of time and money due to lost revenue, upset customers, and a tarnished reputation later on when your site is under attack.
