Posts Tagged ‘DDOS’

I got this alert today that one of our local media outlets got hit with a possible DDoS. Just a few miles from them sits PacketViper, LLC, and PacketViper, something which would have shut down the attacking countries at their port without the need of a global outage.

By Francesco Trama

Surge in web requests temporarily shuts down Trib Total Media website


Every Cyber Attack has one thing in common. They can be launched and distributed from around the world, giving the attacker limitless possibilities, mobility, stealth, and time.

PRLog (Press Release) - Oct. 15, 2013 - PITTSBURGH - Network attacks are an unfortunate reality for everyone, and regardless of the size of your business, eventually the odds are that you will become a target. The world is a big place and every IP address in every country is another potential hacker that could cost you time and money. At some point, when you weigh the heightened cyber-risks that certain countries pose versus the amount of business transacted, the prudent businessman asks himself “Do I really need all this network traffic?”

Ask the folks at Viper Network Systems, developers of PacketViper Geo-IP Network Filter and experts in geographical filtering and security, and you will surely learn that in fact you do NOT need all that traffic.  In fact, Viper Network Systems will quickly show you that not only are you taking a huge unnecessary and unwarranted risk by thoughtlessly accepting all traffic from everywhere,  they will show you how you can quickly and easily eliminate the risk without any negative impact on your business.

According to Francesco Trama, President and CEO of Viper Network Systems, “No matter what industry your business falls in, the fact is that a good percentage of the traffic your security environment is dealing with is unnecessary.”

And once again, unnecessary traffic is unnecessary risk. For example, suppose you have an employee VPN, HR, or some Admin portal. Does the whole world need access to it? Chances are, right now they have that access whether you want them to or not. That needs to change.

Consider a typical cyber-threat scenario.  Most network attacks start with a simple scan or probing of the target’s public network space. Often, these attacks scan the entire network range and attempt to analyze business links within your web portal to see who you know and with whom you communicate.

These scans give the attacker valuable information about what options they should pull out of their bag of tricks to deploy against the exposed network services. Once they identify what type of Web, Mail, DNS, or other discrete port or server is available, the attacker will attempt to penetrate your exposed ports and test them for vulnerabilities and kinks. And again, since these hackers could be anywhere in the world and they can access a global network of proxies, they work and scheme under the safety of anonymity of compromised PC’s and poorly managed public spaces around the world.  With the attacker’s endless possibilities to exploit, probe, and attack vulnerabilities with little chance of being caught, these criminals can scan millions of networks around the world at their leisure looking for the right opportunity to present itself.  Unfortunately, in the cyber-security world, for the present, time is on the attacker’s side, and reports prove that eventually, they will breach someone’s network.  The question is, will it be yours?

If that scenario seems depressing or the prospect of being sued for damages caused by a breach to your network keeps you up at night, maybe it’s time to turn the tables on the hackers with Viper Network Systems’ enhanced Geo-IP filtering that puts you back in control of who gets to access your network.

The power and genius of Viper Network Systems’ flagship product “PacketViper” stems from its unique capability to restrict countries to a specific network port bi-directionally. This one-of-a-kind tool makes it possible to block, limit, redirect, or alert on which network ports countries may access. This makes PacketViper the industry standard in Geo-IP filtering and puts it light-years ahead of its competitors in terms of both its power to protect and its precision and flexibility to match filter settings to an individual business’s needs. And while PacketViper is already the best Geo-IP filter on the market, Viper Network Systems’ proprietary Global Network Lists, Redirection, Country Triggers, and Network Alerts all come standard with the PacketViper system, providing comprehensive and flexible geographical filtering that shapes global network traffic to each customer’s needs.

Amazingly, with all that power, Viper Network Systems developed PacketViper to install seamlessly inline, in front of your existing security environment, with a low startup cost and with no need to modify anything else in your network or security setup. This is a huge benefit for those environments which need to be updated or hardened, or which simply feel they need to do something more.

In a matter of minutes, your security environment can be dramatically hardened and improved without the need of complex policies or steep learning curves for new and expensive security devices. PacketViper’s low latency, transparent, and near wire performance is a formidable opponent for the cyber-criminal, but its user-friendly and intuitive format will allow your network administrators to harness its power without missing a beat.

Interested in adding this essential additional layer to your security environment? Can’t believe it can be this simple? Viper Network Systems has recently released several videos which show definitively how Geo-IP network filtering improves your security landscape, and how the entire process can be completed in a few minutes and clicks of a mouse.  You can’t afford not to take a look at this next-generation complement to your security network.

About Viper Network Systems

Viper Network Systems has developed PacketViper, an intelligent Geo IP Network Filter capable of bi-directionally filtering any country at the network port level. PacketViper removes unwanted probing, fights against DDOS attacks and spam, dramatically improves network performance, and much, much more. With PacketViper on the front line, security environments are less congested and more effective.

About PacketViper:

PacketViper replaced complex geo-location filtering, and turned it into a practical tool against cyber crime and attacks. PacketViper’s new advances in bi-directional per-port filtering performed at the gateway eliminate unwanted network traffic before it enters the security environment.   This has proved to combat DDOS, spam, port probing, breaches, and scanning threats, all while reducing bandwidth usage and improving performance.

 

By Francesco Trama

Time and time again the question is asked: “How does PacketViper compare to a <Insert Firewall Name Here>?”

We explain what we do, compared to what they do. The very next sentence is “We can do that now with <Insert Firewall Name Here>.”

Can you really?

I’m going to explain the differences between <Insert Firewall Name Here> and PacketViper. What you have to keep in mind is PacketViper is designed to remove the traffic before entering the security environment. It quickly eliminates unwanted traffic to improve the performance throughout the entire security environment. PacketViper’s inline, fail-open bypass, transparent Geo IP layer has a significant positive impact on every gateway, spam filter, mail and web server, VPN portal, and so on. It immediately hardens even the most exposed networks with a few clicks, and no complex configuration.

Although many want to compare us to <Insert Firewall Name Here>, we are in the security layer to help them work more efficiently. Our layer can do many different things which they cannot offer because of their Layer3+ inspections. If you activated every feature to its fullest on <Insert Firewall Name Here>, what would the latency cost be to your traffic? I would say pretty great, not to mention log and alert overload, false positives, troubleshooting connection issues, and customer complaints.

Technically we are a firewall, but <Insert Firewall Name Here> is not a PacketViper.

CheckPoint IPS blade note from a commentator: “Please Note enabling the perform all IPS inspection on all traffic, can have an adverse effect on the performance of the firewall”

1. PacketViper is an inline appliance or software that operates transparently, and adds no network hop to the packet.

2. PacketViper looks “only” at the header information of the packet.  This is how we keep near wire speeds, negligible latency, and yet provide better details.

Explanation: PacketViper keeps its high performance by only looking at the header information that is then matched to our Geo Location database. <Insert Firewall Name Here> runs the packet through a gamut of tests, checks, patterns, and anything else you can imagine.

3. PacketViper makes it very simple to filter out unwanted country traffic.

Explanation: PacketViper is one of the simplest devices to use to filter unwanted traffic into the environment. Looking at the <Insert Firewall Name Here> configuration is a challenge. I understand the devil is in the details, but when you are being flooded with email, web requests, DDoS, dictionary attacks, probes, or NMAP scans on a daily basis, to us the devil is the common sense. Do you really need someone from some country probing your VPN port? You see some firewall vendors show statements like;

4. PacketViper Triggers prevent DDoS by country, company, network, IP, or port.

5. PacketViper blocks countries by ports.

Explanation: Even though blocking a country is not new, the way we do it is. We do not just filter the country but rather the country, its ports bi-directionally, and then some. It is so simple with PacketViper you will wonder how this can be. I found one video from Fortinet that was tolerable. The others would just lose you in the details trying to block a country at a port.

If you take a look at everything these super firewall and IDS systems do, it would amaze and awe anyone, until you get into them. Like looking down from space at the earth, it’s breathtaking. Until you get to the ground to find billions of roadways, buildings, offices, rooms, closets, and alcoves. – Francesco Trama

6.  PacketViper can quickly redirect traffic based on the source IP, network, country, or Global Network List.

Explanation: DNAT is not a new thing, but with PacketViper you have a much more common sense method, and more details.

Aside from the constant labor-intensive management, false positives, log overload, and long learning curve that come with complex firewalls, they are an absolute MUST in the security environment. Whichever one you choose or have chosen, PacketViper will eliminate the pressure to and through them. PacketViper eliminates the unwanted traffic, thereby freeing up valuable bandwidth and resources. PacketViper improves the entire security layer by removing the unwanted traffic through them.

Geo IP (Country) filtering is growing more and more popular given the distribution of global network attacks. IDS/IPS systems do their best in anticipating malicious network activities. Some of the problems network security teams have experienced are extended implementation times, cost, learning curves, false positives, complex management, and how to deal with large distributed attacks or the speed at which attacks, viruses, and malware adapt.

Intrusion Detection/Prevention Systems (SecurityWizardry.com)
Intrusion Detection Systems form a small but critical piece of the computer security jigsaw, alerting to intrusions and attacks aimed at computers or networks.  They’re not the computer security panacea.  But, they are your eyes and ears, essential in knowing whether you are under attack. Intrusion Prevention Systems take this concept to the next level and sit inline blocking the packets you tell them to based on signatures as per the IDS.  They can be highly effective as a defensive tool but need to be configured with great care and attention in stages…… Read More

Unfortunately there is no silver bullet in network security! Network Security needs to be approached in layers, and most will say it should look like this:

  • Firewall / NIDS (Network Intrusion Detection)
  • Email Scanning
  • Web Security
  • Server Level Virus
  • Workstation Virus
  • Patch Updating Systems
  • Attentive Employees

This is where I believe security environments fall short, and why Geo IP (country) filtering layers are vital in network security. I’m not saying to throw some broad-stroke country blocker into your environment; what I am saying is to have a robust Geo IP filtering system which is granular and simple to operate! Blindly blocking country ranges is just not practical if you are a global business.

Our security layer looks like this

Image

I’ve seen several vendors which have integrated Geo-IP filtering into their appliances, but when you actually start using their Geo-IP tools you quickly realize their Geo-IP is not the product’s strong point. Some would say it was added only for marketing reasons, and not even taken seriously.

In the small Geo IP (country) blocking market there really is not too much to choose from. It seems most of the products consist of downloading some sort of list regularly, then applying them to a firewall. The lists come in many different formats to accommodate the varieties of firewall systems. There are many problems with these services like accuracy, manual updating, implementation complexity, support, and troubleshooting to name some.

I’ve also seen services which provide you code for your web site. The code is inserted into your web pages, and as traffic accesses your web service, it’s evaluated and filtered like a country RBL. These types of services, although creative, seem like they would generate more traffic, just like RBL services do. I’m sure in a very small percentage of cases they would be useful, but high-volume web servers would suffer. Not to mention you are only protecting the web server, and it would need to be applied to all web servers. The few hardware-based products I found range from little to no country filtering smarts, to price points in excess of 75K. The higher priced product I found seems to claim 50-100K is the right price for country filtering? I would emphatically disagree.

Because we do not have many choices when it comes to Geo IP (country) filters, we could conclude country filtering is not really important to firewall manufacturers. In fact, it seems the perception is “Geo IP (country) blocking is impractical” and unnecessary in some circles. I couldn’t disagree completely.

If I would tell you there is a product which is:

  • Low cost
  • Inline and Transparent
  • Fail open NIC’s
  • Used on your own hardware
  • Filters countries by port bi-directionally
  • Includes alerts, country/network/ip triggers, honeypots, tarpits, country redirection
  • Complete with its own global network lists of well known/bad networks
  • Web based and accessible from mobile devices
  • Purchased as an appliance or downloadable software
  • Works in VM Environments.

Wouldn’t you get it immediately?

Viper Network Systems (VNS) launched a product called PacketViper in 2011 which does exactly what everyone has been missing: per-port geo IP filtering. The product quickly installs onto most hardware platforms, or can be purchased as an appliance. PacketViper likes to sit in front of the security environment, to clean up the unwanted traffic before entering.

Viper Network Systems ripped a few pages out of VMWare ESXi, and released PacketViper Starter. It’s completely free, and never expires. You wonder what the catch would be? No catch other than some limitation on how many countries you can block at once, NetCheck (IP Search/Block feature), Global Network Lists are limited, and a couple of other minor limitations. Other than that the product is free to use.

PacketViper was built for security teams to quickly respond to global threats in real time. Frank Trama, President & Co-Founder, whose roots stem from network administration, design, and management, found there was a need that needed to be filled. Partnering with Dan Gynn, now Chief Product Officer & Co-Founder, he turned this need into an incredible and practical product called PacketViper, a security layer I cannot see my network without. The product’s focus is Geo IP (country) filtering with a style and grace not seen in any other product in the market today. PacketViper fills the gaps which all environments are missing.

PacketViper blocks countries by simply clicking on a map, setting which ports to block/allow (all or some), and clicking apply. It’s really that simple. There is so much more though like real time clickable logs, which you can quickly select and see the complete details of the IP, which is called NetCheck;

Image

NetCheck is the feature administrators have been waiting for. The cure-all for understanding the IP origins, its assigned network ranges, and much more. NetCheck can quickly block the IP or every registered network range it’s assigned to. A great tool when you want to eliminate complete spamming networks. We could go on for a while with its features, just check them out here.

So is country filtering impractical? Let’s all admit it. IP Blocking is a pain! What the folks at Viper Network Systems did is put it all together in an affordable package. Imagine what happens when you start filtering out the unwanted country traffic (SQL management port attempts from China, RPC attempts from Russia, Telnet attacks from Romania, spam from Africa and Brazil). IDS/IPS experiences fewer false positives and can be dialed in better to become more effective; spam and system loads are reduced; bandwidth is freed up of unproductive global traffic; and network security is further hardened. Why, you ask? It’s simple; you reduce the attack space to your exposed ports in your security environment. There is less intention analysis needed.

If you filter out just 30% of the unwanted traffic to your internet-facing servers and devices, that’s 30% you do not have to worry about again. Then dial in the country blocker like PacketViper to drop 50% of your global traffic. That’s 50% less you have to sift through, 50% less load on your security systems, and 50% fewer chances of malicious traffic finding a vulnerability.

Why would you then allow that obscure country access at VPN, FTP, and the thousands of other ports? I can tell you wouldn’t, or wouldn’t want to. This is why smart country blockers are important and needed. - Frank Trama

Overall Geo IP (Country) blocking can be practical and should be a required layer for every security environment. Personally, I cannot see any of my environments without this feature. For full disclosure, I have the product and contributed to its design.

CEO & Co-Founder
PacketViper, LLC

I read a disturbing alert/article which claimed that

“Thousands of WordPress websites are being used to carry out a huge cyber attack campaign in the form of a distributed denial of service [DDoS] attack.

The Hacker News reports that hackers have targeted “a large number” of sites on the WordPress platform after successfully compromising some 90,000 servers way back in April 2012 and in the process have created a WordPress botnet.

Read more: http://www.itproportal.com/2013/09/27/hackers-launch-huge-ddos-attack-using-wordpress-websites/#ixzz2g7QmIaMQ”

This is obviously concerning to many folks, and our customers. What we decided to do is create a Global Network List (tm) for our customers which will contain all AUTOMATTIC Inc (WordPress) IP addresses, just over 60,000. Customers will now be able to set triggers to alert, restrict, rate limit, and/or block based exclusively on AUTOMATTIC Inc networks.

Obviously we do not feel WordPress, their affiliates, or AUTOMATTIC Inc are bad entities, but rather a quality provider of online services to the public. This is simply a stopgap measure for our customers to limit any DDOS potential from compromised systems within, should they need to.

Let me explain what PacketViper Global Network Lists are. PacketViper, aside from per-port Geo IP filtering, includes our patent pending Global Network Lists. Our Global Network Lists are a collection of global businesses (e.g. Microsoft, eBay, Amazon, Automattic Inc), colocation providers (e.g. Softlayer, Expedient, Ubiquity), high risk networks (e.g. malware, botnet, C&C), and many other varieties of industries. Customers can quickly choose to allow or deny any of the thousands of industries based on their value to their business. This gives more granularity to the customer, on top of the per-port Geo IP filtering.

For instance, if a customer is filtering many geo-locations and wants to ensure Microsoft networks, like email servers or some application widgets, can always reach the customer’s network, they would simply place a check mark next to Microsoft, enter the ports needed to communicate with Microsoft, click on save, and they are done.
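The layering described above (per-port, per-direction country rules, with a named network list able to override them on chosen ports) can be sketched as a header-only decision function. This is an added illustration, not PacketViper code: the CIDR-to-country table, the list name `ExampleMailProvider`, the country codes and the rule layout are all constructed assumptions, and every address is from a documentation range.

```python
import ipaddress

# Constructed sample data; a real deployment would load a geo-IP database.
LOCAL_NET = ipaddress.ip_network("203.0.113.0/24")   # the protected network
GEO_DB = {
    "192.0.2.0/24": "AA",        # hypothetical country AA
    "198.51.100.0/24": "BB",     # hypothetical country BB
    "198.51.100.128/25": "CC",   # more specific allocation inside the /24
}
NETWORK_LISTS = {"ExampleMailProvider": ["198.51.100.64/28"]}

POLICY = {
    # (country, direction) -> denied destination ports; "*" means every port
    "country_deny": {
        ("AA", "in"): {"*"},
        ("BB", "in"): {22, 25, 3389},
        ("CC", "out"): {25},
        ("??", "in"): {"*"},     # addresses with no geo entry
    },
    # named list -> destination ports that are always allowed for it
    "list_allow": {"ExampleMailProvider": {25}},
}

def lookup(ip, table):
    """Longest-prefix match of ip against a {cidr: value} table, else None."""
    addr = ipaddress.ip_address(ip)
    hits = [(ipaddress.ip_network(c).prefixlen, v)
            for c, v in table.items() if addr in ipaddress.ip_network(c)]
    return max(hits)[1] if hits else None

def decide(src, dst, dport, policy=POLICY):
    """Return (action, reason) using only header fields: src, dst, dport."""
    inbound = ipaddress.ip_address(dst) in LOCAL_NET
    direction = "in" if inbound else "out"
    remote = src if inbound else dst          # the non-local endpoint

    # 1. A named network list overrides country rules, but only on its ports.
    flat = {c: name for name, cidrs in NETWORK_LISTS.items() for c in cidrs}
    org = lookup(remote, flat)
    if org and dport in policy["list_allow"].get(org, ()):
        return ("allow", f"list:{org}")

    # 2. Country rule for this direction and destination port.
    country = lookup(remote, GEO_DB) or "??"
    denied = policy["country_deny"].get((country, direction), set())
    if "*" in denied or dport in denied:
        return ("deny", f"country:{country}/{direction}/{dport}")
    return ("allow", "default")
```

Because the override is checked per port, a listed network that falls inside a blocked country still has its other ports filtered by the country rule.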

Global Network List Screen Shot

Image

 

 

By Francesco Trama