Denial of Service Attacks Blocked by Allot’s NetEnforcer

Enhancing Network Security, the NetEnforcer Monitors and Blocks Attempts to Disrupt Enterprise Network Operations

MINNEAPOLIS–(BUSINESS WIRE)–Nov. 20, 2001–Allot Communications, the premier provider of policy-based networking solutions, announced today the successful implementation of Allot’s NetEnforcer(TM) to enhance network security and block Denial of Service (DoS) attacks as well as enhance protection of system resources from computer-worms like the Nimda and Code Red.

Successful Bandwidth Management Delivers Protection From DoS Attacks and Malicious Traffic

Malicious worms were recently distributed and unwillingly duplicated throughout the Internet. Unwilling collaborators’ systems joined in scheduled and planned Distributed DoS (DDoS) attacks on unsuspecting sites. Infected systems increased demand of bandwidth and server resources, thereby slowing down business-critical applications.

Protecting from such illegitimate attacks on network resources is an additional benefit of Allot’s NetEnforcer. By utilizing NetEnforcer’s unique capabilities to limit and monitor connections per traffic pipe and to block new connections as they come in, the user is able to prevent attacks and send alerts when an attack is imminent. Additionally, a network manager is able to focus — in real-time — on the busiest hosts and traffic channels to pinpoint the source of illegitimate traffic.

“We have managed to function on normal levels during a recent attack on our network”, said Mr. Olivier Gandar, IT Manager of Metz City Hall, “we are continuously monitoring network traffic patterns with the Allot’s NetEnforcer to offload our existing firewall and to deflect attacks on our network, should they emerge”.

“Allot is strengthening its NetEnforcer product line with innovative security features that are demanded today,” added Dr. Vijay Ahuja, President of Cipher Solutions and a well-known security consultant. “The NetEnforcer’s protection against DoS attacks creates a first line of defense, enhancing performance of firewalls and other network devices. One of the best security practices for the enterprise is to design such a multi-layered security system.”

Recent published statistics by CERT (Carnegie Mellon University) showed the number of reported attacks to double from 1999 (9,859 incidents) to the year 2000 (21,756 incidents). For the period January through September 2001, reported attacks doubled again (34,754 incidents). Separately, National Infrastructure Protection Center, a government agency, announced a warning that it’s expecting the number of DoS attacks to increase (September 17, 2001 Advisory). Furthermore, experts now warn that future worms are going to be more vicious.

“Allot’s per-flow-queuing technology and admission-control algorithm are proving very useful in providing an answer to DoS attacks and the proliferation of worms,” concluded Udi Levin, Allot Communications Director of Product Management. “With a growing number of corporate networks and hosted services under attack, we have successfully protected network resources with the NetEnforcer’s performance enhancement utilities.”

Using Allot’s NetEnforcer to Improve Network Security

The NetEnforcer family of products enables network managers to allocate bandwidth network resources based on business priorities. Improving network performance by resource management creates a first line of defense from illegitimate users and applications that seize an undeserved share of resources.

NetEnforcer detects known DoS and DDoS attacks and intelligently blocks new flows suspected as destructive traffic. Placing the NetEnforcer at the edge of the enterprise’s network enhances performance of firewalls and internal network devices. NetEnforcer discards malicious traffic packets that slip through routers, improves application performance and enhances network security.

By deploying NetEnforcer, service providers and enterprises can monitor, record and alert users of imminent attacks on network resources. NetEnforcer’s extensive real-time monitoring capabilities including tracking busiest servers and users, channel utilization rates, number of open connections along with creation rate of new connections, provides valuable tools for security troubleshooting. Moreover, NetEnforcer’s accounting registers traffic statistics of all sessions and assists network administrators to pinpoint attackers. Finally, NetEnforcer’s Log gives abnormal-event notifications, such as when packets are denied access.

Background Information on DoS Attacks and Worms

Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks — are when an organization’s resources or services are taken away by someone’s intentional action. There are various types of DoS attacks; the more popular ones are known as Smurf attack (when the person behind the attack sends high volume of ICMP type packets) and SYN attack (when the attacker initiates a high rate of new connections requests and then fails to follow up).

Worms are spread from system to system (i.e., clients or servers), by HTML pages, e-mail messages, and copying files — such as done in Peer-to-Peer applications. While viewing an infected Web page, an unsuspecting client PC will download a copy of the infected executable code. The worm will then spread itself to other files and make changes in system files.

About Allot Communications

Allot Communications was founded in December 1996 to deliver policy-based networking solutions that improve performance and enable the deployment of mission-critical, time-sensitive applications in IP networks. By providing flexible Quality of Service (QoS) solutions to enterprises, Allot allows network managers to direct allocation of network resources based on business priorities, and thereby to achieve higher efficiency and cost savings. Additionally, by providing Service Level Agreement (SLA) solutions to service providers, Allot enables network and application service providers to offer SLA-based services to their customers, and thus to increase their own revenue.

Allot Communications has established offices in Burlingame (CA), Houston, New York City, Minneapolis, Tel Aviv, Tokyo, Singapore, Sophia Antipolis (France), Munich, London, and Randers (Denmark). The company sells and markets its products worldwide through original equipment manufacturers (OEM) and distributor channels. The company is privately held and venture-backed. Visit Allot on the Web at

Reader Contact Information:

Allot Communications, Inc., 250 Prairie Center Drive, No. 335, Eden Prairie, MN 55344, Tel: 952/944-3100, Fax: 952/944-3555,,

Note to Editors: Allot Communications, the Allot Communications logo, and NetEnforcer are either registered trademarks or trademarks of Allot Communications Ltd. Other company, brand, product, and service names are trademarks or registered trademarks of their respective holders.

Members of the media interested in testing and evaluating any of Allot’s products should contact Michael Matthey, 210/820-3070 ext. 106 or

Don't miss