Arbor Networks Pravail APS 2003 PRA-APS-2003-AC Fiche De Données

•  Spoofed/Non-spoofed DoS Attacks

•  TCP (SYN, etc.), ICMP, UDP Floods

• Botnets

•  Blackenergy, Darkness, 

YoYoDDoS, etc.

• Common DoS/DDoS Tools

•  Slowloris/Pyloris, Pucodex, Sockstress, 

ApacheKiller

•  Voluntary Botnets (Anonymous, etc.)

• HOIC, LOIC, etc.

• Application Attacks

• HTTP URL GET/POST Floods

• Malformed HTTP Header Attacks

• Slow-HTTP Request Attacks

• SYN Floods Against SSL Protocols

• Malformed SSL Attacks

• SSL Renegotiation Attacks

•  SSL Exhaustion (Single Source/

Distributed Source)

• DNS Cache Poisoning Attacks

• DNS Request Floods

• SIP Request Floods

•  Custom Attacks—Unique to 

Your Service

• Location-based IP Addresses

Many organizations rely on Secure Socket Layer (SSL) encryption for transmitting data 
securely. Unfortunately, attackers can also encrypt their attacks, so the Pravail Availability 
Protection System must also inspect encrypted traffic for threats. Using an off box SSL 
decryption device, the Pravail Availability Protection System can inspect data that has been 
previously encrypted to identify embedded attacks and help block those threats from harm-
ing the network. Once the traffic has been inspected, “clean” encrypted traffic is transmitted 
to the intended destination. 

Because the cost of downtime is extremely high for many organizations, the Pravail 
Availability Protection System is designed to automatically detect and prevent DDoS attacks 
with little or no user interaction—before services are degraded. It also offers simple fallback 
plans and resolution techniques when attacks cannot be readily identified. Moreover, the 
Pravail Availability Protection System can recognize legitimate CDN traffic and will not 
accidentally block it.

Arbor enjoys a close and privileged relationship with leading ISPs around the world. 
Through its extensive network of sensors and data feeds, Arbor has real-time visibility 
into over 80% of global Internet traffic. This gives Arbor unmatched insight into emerging 
threats—information that is used to develop effective countermeasures against the latest 
attacks. ATLAS Intelligence Feed is an update service that automatically provisions the 
Pravail Availability Protection System appliances with the latest defenses to new threats 
and updates IP location data—all in real time.

The Pravail Availability Protection System delivers superior availability protection without 
impacting a Web site’s page ranking and search engine results. ASERT maintains policies 
in the ATLAS Intelligence Feed that allow specific Web crawlers to access your site, but 
blocks those that are malicious or irrelevant.

The Pravail Availability Protection System is not a “black box.” While it delivers automated 
protection from DDoS, the Pravail Availability Protection System also provides real-time 
visibility into attacks, blocked hosts and even packets. It offers the flexibility operators need 
to alter attack countermeasures and thresholds if required. It includes active alerting that 
notifies security engineers of ongoing attacks that are blocked, as well as other network 
events that may require their attention.

The Pravail Availability Protection System offers detailed attack reports in real time, so 
operators can visually understand the actions taken by the appliance. Besides documenting 
these actions in audit logs, it provides forensic reports detailing blocked hosts, origin 
countries of attacks and historical trends. These easy-to-understand reports can be given 
to peers or management to educate them on the threats to service availability and the steps 
taken to address the attacks.