Attacks in the past
Throughout the duration of Melior's Internet Security consulting business, it became apparent there was no available defense against Denial-of-Service attacks, or any protection against Penetration Testing probes. After the 1999 'Mafiaboy' attack, which shut down many prominent websites for several days, several companies set out to develop solutions against the dDoS threats, funded overall in excess of $250 million. It became increasingly obvious, however, that none of them came up with a new approach to solve the problem; rather, they re-used already existing technology, such as bandwidth throttling/QoS, signature-based detection mechanisms, etc., all of which were doomed to fail by design.
With the Internet Root Server attacks on October 21st and 22nd, 2002, which almost shut down the entire global Internet with a simple ICMP dDoS attack (had they lasted longer than the 5-hour DNS cache expiration), it became clear that something had to be done. The Internet had evolved to be a key communications network for Governments, businesses, and manufacturing; and networks started to face threats from internally compromised systems.
Melior's developments
Melior decided to start the development of a CyberWarfare Defense product line, and identified an interesting technology approach in Germany, which seemed to provide a head-start. Ultimately, this technology did not live up to expectations either, and the patents filed for it turned out to be fake.
Melior continued the development of a product as an inline scanner, sitting undetectably "on the wire" in front of the protected infrastructure or at critical internetworking connection points, inspecting all traffic flowing through the system and deciding on the fly which of this traffic is valid and which constitutes either a Denial-of-Service condition, a Penetration Testing probe, or simply invalid 'junk' traffic. The solution was to pass on all valid traffic and discard the invalid packets, thus providing uptime, keeping the cost of dDoS attack traffic down, and eliminating huge log sizes on the firewalls and intrusion detection systems behind the system, so IT and security administrators can find and act upon critical log entries.
Throughout the development process towards the final product (now realized with Barbican RNP), Melior kept the public informed about the goal and the R&D progress, and was approached several times to help out. dDoS attacks became more frequent, organized crime took over from the amateurish initial attacks for extortion attempts, and increasingly, dDoS attacks kept shutting down large e-commerce businesses and payment processing providers.
In summer 2003, Melior deployed a pilot system for a popular website at a US Internet Service Provider (ISP), for which those first, TCP-only code versions worked to successfully defend against the attacks, thus keeping the web site alive.
Later during the same summer 2003, Microsoft was the victim of a coordinated attack with the MS Blaster worm, which threatened to cause a Denial-of-Service attack against the company; in defense, Microsoft moved their online presence to Linux-hosted Akamai at great expense, and found that the traffic to download the MS Blaster patch almost exhausted Akamai's resources. The subsequent dDoS attack would likely have been successful in terminating the systems serving the 'Windows Update' domain name. Melior offered the prototype dDoS solution to Microsoft, but the company decided to abandon the domain name instead.
In fall 2003 the Spammers, by now mostly organized crime groups, contracted several virus authors, and launched a coordinated attack against the mostly non-profit anti-Spam blacklists. All six non-profit blacklists went instantly down, and the only commercial one moved to Akamai at great expense, yet was still taken down. Melior was approached by the non-profits, and provided Spamhaus with hosting, a prototype, and hands-on implementation of other code in development; units were also shipped to SORBS & SPEWS in Brisbane, Australia and the US, while Melior also engaged in other activities to defend them against the dDoS attacks.
Melior and Spamhaus
As a result, Spamhaus, SORBS, and SPEWS survived, while other blacklisters, among them Osirusoft in New Zealand and monkeys.net, disappeared from the Internet forever. The combined user base of the three surviving blacklists (Spamhaus alone with 260 million, serving many multi-national governments and corporations) continued to be able to eliminate about 40% of incoming spam through Melior's efforts in the middle of the development cycle.
The direct involvement with Spamhaus gave Melior hands-on experience from a user perspective, and allowed it to follow the progress of various dDoS attack attempts in a real-world scenario:
(External attack traffic against the Spamhaus Web site)
New dDoS attacks were launched continuously against the Spamhaus web site, spiking at 100 Mbit/s; the attackers realized those were without effect, ceased the attacks after a day or so, and tried a different method, only to find that it did not work either. After several months, they gave up.
Other prototypes were installed at various locations, providing feedback to R&D during the development process.
In February 2004, Melior introduced the productized version of the first, TCP-only code under the label 'iSecure'.
Shown here are the standard 1U and the HA-2U versions of the 'iSecure' pre-release product.
The general public saw the product first at the RSA Show in San Francisco. Here Melior's Co-Founder and COO, Matt Gair (on the right) with Melior's CTO, Dr. Yoohan Alex Kim (on the left):
In June 2004, our reseller in Japan, DTC, introduced iSecure at Networld + InterOp in Tokyo:
At the end of 2004, Melior finally introduced the full product, and shipped the first versions in January 2005; it bears the permanent and trademarked name for the product line: Barbican RNP.
With daily news of increasingly sophisticated dDoS attacks, and greater damages by each attack, the threat of Denial-of-Service has peaked as the Number 1 threat, and the product could not come at a better time.
Melior will continue to expand the product line with additional modules for other bandwidth requirements, telecom-grade fail-over solutions, and products that address other threats creating Denial-of-Service conditions, such as eDoS (aka: Spam).
The company recognizes the educational effort necessary to introduce the new CyberWarfare Defense Layer to the world, similar to the effort undertaken 10 years ago, when firewalls were introduced, and everyone had to learn and understand the need for this initial level of protection. As a small technology start-up, the company has been extremely successful in developing and proving the technology, but lacks the financial means to undertake this effort on its own. Consequently, Melior is seeking strategic partners with the might and substance to support the marketing efforts required to succeed in this mission.
Microsoft, Akamai, Spamhaus, SPEWS, SORBS, Osirusoft, etc. are Trademarks of the respective corporations and institutions.
iSecure and Barbican are registered trademarks of Melior, Inc.