Arbor Data Sharing Programs
Fingerprint Sharing Alliance
The Fingerprint Sharing Alliance is an Arbor-brokered forum allowing Peakflow SP customers to share amongst each other anomaly information directly from their respective Peakflow SP device(s). Data sharing is on a direct participant-to-participant basis, and is exclusively available to participating Peakflow SP customers. Currently, this data is consumed by Peakflow SP, where shared fingerprints are made available to Peakflow SP customers via the Peakflow SP user interface.
Peakflow SP Statistics Package
The Peakflow SP statistics package enables service providers to automatically share data hourly with Arbor (via XML over SSL) regarding Network and Transport Layer data associated with anomalies detected by the sharing party's Peakflow SP device(s), as well as general traffic data, such as distribution of IP, TCP and UDP protocol types and packet sizes. Reported anomalies involving IP addresses defined by the service provider as being an internal or managed element exclude the first two octets of the IP addresses.
Currently, this data is consumed by both Peakflow SP and ATLAS, where aggregate, anonymized attack statistics are delivered into each product's respective user interface.
Peakflow X Statistics Package
The Peakflow X statistics package enables enterprises to automatically share data hourly with Arbor (via XML over SSL) regarding Network and Transport Layer data associated with anomalies detected by the sharing party's Peakflow X device(s), and Peakflow X device configuration data. No internal IP addressing information is shared. Additionally, Peakflow X customers within the Peakflow X user interface can inspect all shared information. Currently, this data is not consumed by any Arbor product.
However, in the future, both Peakflow X and ATLAS will consume it, where anonymized ATF logs are parsed, correlated versus other Peakflow X deployments, and then delivered into each product's respective user interface.
ATLAS
The Active Threat Level Analysis System (ATLAS) analyzes global Internet darknets, i.e., IP address blocks allocated by Regional Internet Registries (RIRs) and globally routed by service providers but not yet assigned to internal or customer systems. Darknet typically exclude bogon or reserved address spaces, i.e. RFC 1918. Darknet intelligence does not represent activity originating from those IP address blocks themselves, but, more accurately, activity targeting those IP address blocks. ATLAS correlates this intelligence with additional datasets to determine a given host's current threat and malicious activity level on the Internet. Currently, this data is consumed by ATLAS and Peakflow X, where information regarding service scanning, exploit propagation and threat briefs are delivered into each product's respective user interface.
Routeviews BGP Data Feed
Arbor operates a BGP route server with which service providers can establish BGP peering sessions. Global route and associated BGP attribute reachability and stability reporting is provided, as well as specific prefix and other query capabilities. Service providers providing these BGP feeds need not be Arbor customers, though Peakflow SP is necessary to access the output or query the resulting data. Currently, this data is consumed by Peakflow SP, where global route and associated BGP attribute reachability and stability reporting are delivered to Peakflow SP customers via the Peakflow SP user interface.
The data shared via all the programs listed above may be used at any time by Arbor in research and periodic reports. Additionally, Arbor reserves the right to employ such data with various Arbor programs and technologies, including but not limited to Peakflow SP, Peakflow X, and ATLAS.
Arbor Networks has developed innovative and customer-driven solutions to solve some of the Internet's greatest problems. From DDoS attacks to botnets, Arbor continues to deliver next-generation solutions to solve problems on the Internet forefront. With your participation and support, Arbor can continue to offer to you, your customers, and the Internet community at large the tools and resources to better protect the core Internet infrastructure that the world relies upon. If you have any questions, comments or concerns, please send an e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it. .