Level 3 takes active role in blocking traffic to criminal sites

Level 3 Communications has been taking what industry watchers say is an aggressive and potentially risky approach to battle criminal activity by blocking traffic to servers that could have ties to criminal organizations, reports The Wall Street Journal.

There are two reasons Level 3's approach is risky. For one, experienced computer hackers have the ability to leverage legitimate servers to conduct their attacks. Second, the practice goes against the principle that service providers should not put roadblocks on the flow of Internet traffic.

Regardless of the challenges and questions of shutting down questionable services, the rise of cyberattacks on major corporations such as Target and more recently at Partners Healthcare prompted Level 3 to step up its security efforts. The service provider will shut down questionable traffic that does not involve any of its customers once every few weeks.

One of the recent attacks that it thwarted was traffic coming from computer servers overseen by a group of hackers known as SSHPsychos. To carry out their attack, the group leveraged rented servers in a data center to hack other computers that could bring down target websites by flooding them with junk traffic. The service provider was able to block a large number of what it said were a Hong Kong-registered data center's IP addresses from the Internet.

"Sometimes you have to cut off a finger to save the body," said Brett Wentworth, director of global security at Level 3 Communications, in a WSJ article.

However compelling Level 3's aggressive methods to thwarting hackers is, not everyone agrees it's the right approach.

AT&T's (NYSE: T) Chief Security Officer Ed Amoroso said that a large amount of Internet traffic could just be nothing more than a retailer having a very busy day of sales. Every attack on its network and its customers' networks are carefully examined and the telco will only step in until it talks with its legal experts.

"We have to be careful, and the carrier industry has to be very careful not to go pushing buttons," Amoroso said, according to the WSJ. "You're never 100% sure of these things."

According to Dyn Research, Level 3 carries traffic from about 40 percent of all Internet addresses.

Each day its software examines more than 45 billion detailed routing logs to look for signs of questionable activity before deciding to act on what traffic can be ignored and what needs to be immediately addressed.

In addition to helping to fend off and cut off attacks, Level 3 has been offering a number of new tools such as its dedicated denial of service (DDoS) Mitigation Service to enterprise commercial clients.

Through the creation of what it calls "scrubbing centers" near the network edge, Level 3 claims it can more effectively and rapidly respond to an attack on a business' network. The service provider has built a total of seven scrubbing centers, including five in the United States and two in Europe. In May it opened a third center in Sao Paulo, Brazil.

For more:
- WSJ has this article

Related articles:
Level 3, Comcast sign new network interconnection agreement
Cogent asks regulators to place Internet traffic conditions on AT&T/DirecTV tie-up
Level 3 advances SDN play with its adaptive network control solution for Microsoft Azure
VSG: Level 3's tw telecom acquisition helps it surpass Verizon in Ethernet race