Invicta Networks is the product of a former KGB agent which in itself may be cause for questioning their software. The technology sounds interesting in that it does make it difficult for someone to launch a DoS attack against your site since the target address keeps changing.
The DNS question is a valid one. DNS is distributed and entries are cached for some period of time so how do you find the current address of the site if it changes frequently and even more interesting if it changes while you're connected to it?
One would have to conclude that somewhere in all this is one or more controllers that deal with this particular issue. What it appears to be is a type of wide scale deception scheme where all addresses are valid and appear to have hosts attached but only one is the real device. The invalid addresses can be mapped to a system that monitors and tracks intrusion attempts.
This idea is not new. Fred Cohen of all.net has been talking about this for years.
I'm interested in knowing how the system would get around a Distributed DOS attack that sends valid TCP requests for a web page. In this scenario the attacker is using a valid address to contact the server by DNS name and request a page. Multiply this by several thousand systems that make multiple recurring requests and this eats up your server resources and bandwidth pretty quickly.
Doesn't seem to me that varying your address would do much against this attack but maybe this technology isn't designed for use with web sites.
Anyway, the company claims to have unbreakable protection against outside and inside hackers and real-time detection of ALL intrusion attempts including virus detection. Gee, I hate to sound like a sceptic but I generally take marketing claims with the word ALL in them with a grain of salt.
-- Bill Stackpole, CISSP
Disclaimer: My opinions are my own and do not necessarily reflect those of my employer.
"Eric Johnson" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 06/13/2001 06:43 AM
To: [EMAIL PROTECTED]
cc:
Subject: Has anyone heard of this?
From <http://news.zdnet.co.uk/story/0,,s2087257,00.html>:
The new system can change the cyber-addresses on a network faster than once a second, cloaking them from all but authorized parties, said Victor Sheymov -- founder, president, and chief executive of Invicta Networks.

...

Standard approaches to computer security rely on encryption, or data scrambling, plus devices such as firewalls aimed at screening out abnormal traffic patterns that look threatening.

But any network protected this way is a sitting duck for a determined hacker, Invicta said. Instead, it puts the network in cybermotion through a continuous change of "Internet Protocol" addresses -- the chain of digits underlying the Web to route traffic to its destination.

The Invicta system uses special cards to link protected computers to a central control unit. It lets clients decide how often they wish to vary IP addresses and specify which applications may be accessed on their network. The number of IP addresses drawn on may be in the billions thanks to an artificial increase in cyberspace, Sheymov said.
I've been pretty busy lately so this could have been discussed on this mailing list and I could easily have missed it.

Anyway, changing IP addresses once a second would seem to make it pretty tough for DNS servers to keep up. And even tougher on maintaining a connection to the host.
Eric Johnson
