DOD seeks defense against denial-of-service attacks

The Defense Information Systems Agency wants information on commercial products that could detect and react to distributed-denial-of-service attacks on Defense Department networks.

The Defense Information Systems Agency wants commercial products that could help network administrators detect and react to distributed-denial-of-service (DDOS) attacks, according to a request for information posted today.

In such attacks, an individual or group attempts to bring down a Web site by overwhelming it with traffic.

The agency is interested in solutions that could give administrators a clear and timely picture of what is happening on their networks, alert them in the event of suspicious activity and provide options for mitigating attacks, the notice states.

“The goal of this solution is to detect and mitigate all DDOS attempts to disrupt [Defense Department] network communications and to detect internal assets displaying anomalous behavior across the Internet-to-NIPRnet boundary,” the notice states.

In some cases, hackers use malicious code to hijack the computers of unsuspecting users and turn them into zombie machines with instructions to repeatedly send data packets to targeted Web servers to overwhelm them and knock the sites off-line.

Last week, hackers used that type of attack on government and private-sector Web sites in the United States and South Korea, with varying degrees of success.

According to a report in the Wall Street Journal last week, DOD officials confirmed that their networks had been struck. But the officials said the intrusions were detected quickly and did no real damage. Other U.S. government Web sites reportedly didn’t fare as well.

Meanwhile, the Associated Press reported last week that the Treasury Department, Secret Service, Federal Trade Commission and Transportation Department Web sites were all down at certain points. The article cited officials inside and outside the government.

In the RFI, DISA said it’s interested in a tool that can report DDOS events within five minutes of the start of the attack. Officials also want the solution to monitor inbound and outbound traffic at 11 worldwide Internet-to-NIPRnet access points.

The RFI asks vendors to provide details on proposed solutions’ capabilities for detection, mitigation, monitoring, logging, reporting and alerting. DISA also wants information on proposed systems’ security, administration and architectures, along with cost and schedule estimates.