Abstract
The exponential growth of Internet traffic has made public servers increasingly vulnerable to unauthorized access and intrusion. So far, most studies of this problem have focused on either blocking unused ports (firewalling) or detecting attacks with an intrusion detection system (IDS). In this paper we introduce the design and implementation of SecureDirect, an attempt to address the problem of intrusion prevention by combining an IDS with a stateful load balancer. SecureDirect is a real-time load balancer that distinguishes between traffic coming from "good" clients and traffic originating from attackers. Based on this distinction, traffic from an identified attacker is redirected to an alternative server, where damage can be mitigated. The advantage of this system is that it blocks intrusions in a manner transparent to the attacker and allows attacks to be observed and investigated, so that the administrator can take appropriate action. We also suggest possible uses for this type of system and present the results of a series of stress tests against our implementation of the idea.