Delayed at least 15 minutes

• Customer Center
• Contact Us
• Disconnects/Cancellations
• Billing Inquiries
• Level 3 Merchandise Online Store
• Level 3 Vyvx Services
• Level(3)Enabled Portal
• Local Number Portability
• Network Operations Center
• Network Security
• Online Customer Service Center

Home / Customer Center / Network Security / Level 3 Communications Distributed Denial of Service Overview

Network Security

Level 3 Communications Distributed Denial of Service Overview

What Type of Threat Do DDoS Attacks Pose? Distributed Denial of Service (DDoS) attacks work by sending a flood of IP packets from hundreds of sources (DDoS Clients). These clients, often times, have themselves been compromised by an attacker, and the clients are controlled remotely to ensure the attacker cannot be traced. The packets that hit the victims are generally forged, with invalid source addresses, making tracing to the client extremely difficult.

 

What Specific Measures Is Level 3 Taking In Response To DDoS Attacks?
Level3 provides a 24x7 response capability to assist customers in responding to and mitigating AUP violations, including; Denial of Service attacks, hacking, or other suspicious activity against a customer. The Level 3 Security Operations Center operates a Computer Incident Response Team that can quickly engage the correct subject matter expertise to assist with the classification, and remediation of the incident.

DoS  attacks are an industry problem, for which there is no easy resolution. However, Level 3 is committed to providing assistance to its customers who suffer DDoS attacks.

• Resistant Router Network
  
  Level 3's router network has already been configured to prevent IP-directed broadcast, proxy arps, and IP redirects, thereby making it more resistant to DDoS attacks. In addition, Level 3 currently monitors its production networks for all security anomalies, including DDoS attacks, and takes immediate action when such an attack is identified.
  
  
• Deployment of DDoS Tracking System
  
  Level 3 has also deployed a DDoS Tracking system that can trace attacks involving forged source addresses to the edge of the Level 3 network. Due to the nature of DDoS attacks, the tracing activity involves a significant amount of coordination with other ISPs. Since the tracing activity can impose an extreme load on the Level 3 infrastructure, its deployment must be determined on a case-by-case basis.
  
  
• No-Cost Network Exposure Analysis
  
  Level 3 has an agreement with a leading security service provider (Ernst and Young) to offer our customers a no-cost network exposure analysis scan of their systems. These scans are designed to recognize and reveal compromises and exposures, such as vulnerability to DDoS programs. To take advantage of Ernst and Young's free offer, call Denise Olsen at 720-931-4354. Ernst & Young's security Web site is at http://www.eSecurityOnLine.com.

What Can I Do To Help Prevent DDoS Attacks?
Level 3 encourages its customers to filter traffic to prevent DDoS attacks, participate in measures to increase Internet security, and to educate others by joining the ISPSEC and/or supporting the Alliance for Internet Security. Specifically, we ask our customers to take measures to:

• Deploy an outbound filter that only allows their authorized address space (e.g., Cisco provides a reverse path verification option, to prevent spoofed packets; "verify unicast reverse-path" www.cisco.com/warp/public/707/newsflash.html), and
  
  
• Ensure that all their systems are properly protected to prevent compromise, since the distributed DDoS attacks rely on the attacker gaining access to a large number of systems.

Preventing potentially debilitating attacks is far easier, and less costly, than having to respond after the fact. Therefore, we hope you'll join us in our pledge to prevent DDoS attacks by working together to become part of the solution.