This story was printed from ZDNet Australia.
Telstra DoS attack protection questioned

By Rachel Lebihan, ZDNet Australia
December 11, 2001
URL: http://www.zdnet.com.au/news/security/soa/Telstra-DoS-attack-protection-questioned/0,130061744,120262311,00.htm

Increased reportage of denial of service attacks on Telstra's network recently has raised questions about the telco's security protection, which has been criticised as a "reactive" approach by one industry specialist.

The country's number one telco was struck by a number of DoS attacks near the end of November, three in the space of a week in fact, with one disabling services for about four hours. Since the November attacks, Telstra confirmed it has been struck with a couple of DoS assaults, before the most recently reported weekend attack, which left services inaccessible to users for over an hour.

Whilst Telstra claims there are a few things it is looking at doing to enhance security protection in this area, spokesperson Stuart Gray declined to discuss the telco's plans. "If people know what we're doing they could look for ways around it," he said.

However, Gray did say that if a targeted DoS attack, which comes from an original IP address, is detected then that IP address is blocked. If it's a distributed DoS attack - where a number of computers that are vulnerable to worms are used in the orchestration of an attack - Telstra will block that destination address.

However, according to networking company Foundry Networks, Telstra - which is essentially applying filters to its routers to drop packets from the attacking host (if it manages to identify that host) - needs to take a more proactive approach.

"What they're doing is very reactive," Foundry Networks' David White told ZDNet Australia. "If they keep getting attacked then it's obviously not working...they're not using the correct form of technology to deal with the problem."

Touting Foundry's ServerIron Web-switching tool, White added: "There's certainly a sales opportunity here."

According to White, Web-switching actually monitors traffic as it passes and blocks packets of data, thus squashing an attack. "It's very easy to be implemented...but probably not as widely used as it should be in Australia," he said.

In comparison, the use of such technology in the US has been pretty widespread since well-publicised Denial of Service attacks on EBay and AOL, White claims. "I would say that it's all going to be driven by how much press [Australian] attacks get," White said, adding that service providers will probably be forced to take more protective levels in the next year.

Glenn Miller, managing director of IT security software distributor Janteknology, agrees that Web-switching technology isn't all that widespread in Australia and believes that one problem is the fact that such attacks don't get a lot of reportage.

According to Miller there's an "artificial perspective" generated in Australia that not much happens here with regard to DoS attacks. However, "the rolling seven-day incident log for Australia is the highest it's ever been...but no one's talking about it," he added.

According to Miller, the lack of adequate protection at service provider level is partly down to the complacency that exists in relation to IT security in Australia. Foundry's White adds lack of education and lack of funds to the list. However, it's not overly expensive to set up this sort of technology, he claims. "It's a trade off between the amount of revenue lost and effect on customer satisfaction between the cost of the technology."

Whilst ASP, e-commerce organisations will definitely be losing money from DoS attacks, for ISPs - which charge users a flat rate fee or bill them on download capacity - DoS attacks are probably making them money, White said. It may be only a small number of bytes per packet that is added to a user's download limit, but "a long attack could be racking you up not an insignificant bill," he added.

However, Janteknology's Miller says that nothing will give an organisation total immunity to DoS attacks. "A sustained high-volume attack can ultimately overwhelm everything...possibly Web-switching technology can be overwhelmed too but that would have to be a concerted attack over a period of time," Miller said.

Telstra claims that it did not sustain its latest DoS attack for a particularly long period of time and shut down impacted routers when the attack was detected. Nevertheless, having to "pull the plug" is a tough call for an ISP, according to Miller. However, "if it's constant and represents a real risk pulling the service is not a bad thing to do".

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.