Plixer International Protects Reveal Systems from Denial of Service Attacks


Scrutinizer helps Colorado-based Reveal Systems, Inc. identify suspicious activity and prevent Denial of Service attacks on its network.

It would be virtually impossible to identify and resolve problems without Scrutinizer.

Denial of Service (DoS) attacks are the events that network engineers both anticipate and dread because their impact can wreak havoc on the local network. When Reveal Systems was faced with chronic DoS attacks, they turned to NetFlow analysis with Plixer International to gain critical and timely identification and resolution.

Reveal Systems, Inc. of Longmont, Colorado, develops and markets vertical software solutions with products including Real Estate Forms Software, VOIP Business Phone Systems, and Internet and IT Solutions and Services. For their VP of Network Services, Joe Yandrofski, DoS attacks were all too frequent occurrences. “We have a far-flung network that serves a lot of small businesses. We were experiencing DoS attacks every few months,” said Yandrofski. The attacks were crippling the network, creating a drain on engineering resources and resulting in lost productivity and frustration for internal network users.

Yandrofski began his search for a network traffic monitoring and analysis tool that would give him the capability to preemptively identify DoS attacks on his network. He investigated several NetFlow collector products when a colleague recommended Scrutinizer. “I downloaded and evaluated the free version for an extended period before purchasing it,” Yandrofski said. One thing Scrutinizer offers that he didn’t find in other products is the ability to identify a high volume of small packets. Since spikes in packet count can be a precursor to a DoS attack, this was of particular importance to him.

However, Yandrofski’s choice wasn’t based on Scrutinizer functionality alone. “My decision to buy was due, in no small part, to the sales group who was very responsive and helpful in answering all my questions,” he said.

This NetFlow collector has proven to be an invaluable tool for the Reveal Systems IT group, which uses it to pinpoint suspicious traffic on their network every few weeks. “It would be virtually impossible to identify the source and resolve problems without Scrutinizer,” Yandrofski said.

The tipping point for Yandrofski’s decision to purchase Scrutinizer occurred with a DoS attack that started one evening at 5:21pm. The first clue to the attack was when Reveal Systems IT engineers started receiving calls from internal users complaining of a slow internet connection. This was followed by a complaint from their service provider at 5:39pm, informing them that one of their internet hosts (an IP address) was causing a threat and had been blocked by the Border Gateway Protocol. Intervention by a service provider indicates serious network issues.

Plixer’s Flow Analytics system had posted alarms indicating which machines were participating in the DoS attack. Yandrofski knew the source of the DoS attack could be found with Scrutinizer because of its ability to zero in at the level of detail needed to identify the suspicious activity. Through Scrutinizer, Yandrofski confirmed the behavior of local machines participating in the attack as well as other suspicious behaviors including unfinished flows, worm attacks, and machines communicating with the Russian Business Network and The Second-Generation Onion Router.

The Scrutinizer Status screen showed irregular flows that would run for 5 minutes and then stop for 8 minutes and then start again. Scrutinizer indicated that the attack was User Datagram Protocol (UDP) based and was in two parts, specifically 80.02 megabits per second for 8 minutes on the source and destination Port “0” and 16 other connections on well-known Port “53.”

“Scrutinizer helped pinpoint the source of the attack and allowed us to block it,” said Yandrofski. “It provided a mechanism for identifying how the originator got around our security.” Because of Scrutinizer, timely identification of the problem allowed Yandrofski and his team to stop the attack and get the Reveal Systems network functioning normally again.

“The Scrutinizer support team went above and beyond the call of duty in helping me get to the bottom of this attack. Their Product Manager even provided a detailed report with advice on how to preempt future attacks. I was especially impressed because at the time I was still using the free version of Scrutinizer,” said Yandrofski. He now relies regularly on the full commercial product and its ability to help him arm the Reveal Systems network against malicious activity.        

Other technology corporations have also recognized the benefits of using Scrutinizer for their network management and traffic analysis. Organizations such as Empirix, Toshiba Europe, and Uptime Software have begun taking advantage of Scrutinizer’s advanced NetFlow reporting capabilities.

About Plixer International, Inc.

Plixer International, Inc. develops and markets network traffic monitoring and NetFlow analysis tools to the global market. All of the sFlow, IPFIX and NetFlow tools are built from the ground up with valuable feature sets and ease of use in mind. Plixer tools have been used to analyze and troubleshoot irregular network traffic patterns by IT professionals with some of the largest networks in the world, such as AT&T, Toyota, CNN, The Coca-Cola Company, Lockheed Martin, IBM, Regal Cinemas, Raytheon, and Eddie Bauer.

For product and sales information, contact Plixer International, Inc. at 1 Eagle Drive, Sanford, Maine, via telephone 207-324-8805, via fax 207-324-8683, on Facebook, on Twitter, or through the Plixer website at http://www.plixer.com.

# # #
