Sandvine warns of threat within: Up to 12% of attacks are internally launched


October 4, 2005  


Based on data collected from over 100 globally-dispersed deployments, Sandvine Inc. today announced that up to 12% of all scanning attacks found on a broadband service provider’s network are launched internally, from its own subscribers.

The Waterloo, Ont. company said the finding dispels the commonly held idea that all attacks come from external, off-Net attackers, and that broadband security consists only of policing the borders between external and internal networks.

It added that internal subscribers are attacking external targets and other internal subscribers, consuming network resources and spreading worms and spam Trojans. As a result, subscribers need to be protected from each other as well as external malicious hosts.

“Significantly, these internal attackers are most likely unsuspecting victims themselves: ‘zombie’ PCs — whose owners are completely unaware that their computers are infected and searching for other vulnerable hosts — conduct most scanning attacks,” Sandvine said.

“These subscribers play the unwitting host to malicious agents, scanning IP addresses, sending requests to useable port numbers, and transferring the worm or Trojan code when a vulnerable host is found.”

An infected subscriber often reports performance degradations and other problems to the help desk, oblivious to the real reason why their computer seems sluggish or is behaving anomalously.

“If the enemy is already loose within the gates, it doesn’t matter how high the walls are,” said Dave Caputo, president and CEO of Sandvine Inc.

“Broadband service providers must not only prevent malicious agents from entering their network from the ‘outside,’ but also cleanse the unsuspecting attackers on the ‘inside’. The most successful service providers are protecting their subscribers from malicious traffic no matter where it comes from.”

For the study, Sandvine gathered data across a select sample of broadband service provider networks representing over 20 million subscribers worldwide.