DOD seeks defense against denial-of-service attacks

The Defense Information Systems Agency wants info on commercially available security products

The Defense Information Systems Agency wants commercial products that could help network administrators detect and react to distributed-denial-of-service (DDOS) attacks, according to a request for information posted today.

In such attacks, an individual or group attempts to bring down a Web site by overwhelming it with traffic.

The agency is interested in solutions that could give administrators a clear and timely picture of what is happening on their networks, alert them in the event of suspicious activity and provide options for mitigating attacks, the notice states.

“The goal of this solution is to detect and mitigate all DDOS attempts to disrupt [Defense Department] network communications and to detect internal assets displaying anomalous behavior across the Internet-to-NIPRnet boundary,” the notice states.

In some cases, hackers use malicious code to hijack the computers of unsuspecting users and turn them into zombie machines with instructions to repeatedly send data packets to targeted Web servers to overwhelm them and knock the sites off-line.

Last week, hackers used that type of attack on government and private-sector Web sites in the United States and South Korea with varying degrees of success.

According to a report in the Wall Street Journal last week, DOD officials confirmed that their networks had been struck. But the officials said the intrusions were detected quickly and did no real damage. Other U.S. government Web sites reportedly didn’t fare as well.

Meanwhile, the Associated Press reported last week that the Treasury Department, Secret Service, Federal Trade Commission and Transportation Department Web sites were all down at certain points. The article cited officials inside and outside the government.

In the RFI, DISA said it’s interested in a tool that can report DDOS events within five minutes of the start of the attack. Officials also want the solution to monitor inbound and outbound traffic at 11 worldwide Internet-to-NIPRnet access points.

The RFI asks vendors to provide details on proposed solutions’ capabilities for detection, mitigation, monitoring, logging, reporting and alerting. DISA also wants information on proposed systems’ security, administration and architectures, along with cost and schedule estimates.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Reader comments

Thu, Jul 16, 2009

I recall reading in FCW or CHiPS several years ago of a USAF program that was showing great promise in monitoring/detecting/analyzing/reporting suspicious IP traffic... Regret not knowing the name of the program, but it was very promising... They should look to the USAF and see what they had in development and start there.
