News Archive (1999-2012) | 2013-current at LinuxGizmos | Current Tech News Portal |    About   

Device Profile: Arxceo Ally ip100 intrusion prevention device

Nov 9, 2005 — by LinuxDevices Staff — from the LinuxDevices Archive — 7 views

Arxceo used embedded Linux to build a small anti-reconnaissance, anti-intrusion device the size of an eyeglasses case. The Ally ip100 can be installed in front of wireless access points or at the edge of 100Mbps networks, where it provides behavior-based intrusion detection and prevention, the company says.

The Ally ip100 is about the size of any eyeglasses case

The Windows-based Ally ip1000
(Click to enlarge)

Previously, Arxceo shipped the Ally ip1000 (pictured at right), a gigabit Ethernet-enabled device targeting the enterprise security market, and based on Windows XP Embedded.

Arxceo says that unlike firewalls that analyze packet fingerprints, its security devices analyze network behavior, spotting protocol misuse via statistical analysis. The company claims this allows the devices to foil exploits based on vulnerabilities that have not yet been identified and patched — “zero-day exploits,” in computer security jargon.

According to Arxceo, the Ally ip100 can frustrate cracker efforts to probe networks for potential vulnerabilities. It has no IP address of its own, does not respond to MAC addresses, and does not increment hop counts or decrement TTL (time-to-live) counters, the company says.

The Ally ip100 has a web-based management interface, and also reports security events via SNMP (simple network management protocol) to an included Windows-based management application. It can prevent DNS cache poisoning, network reconnaissance, spoofed TCP traffic, and denial-of-service attacks, the company claims.

What makes it tick?

The Ally ip100 is based on an ARM processor clocked at 200MHz. It boots a Linux 2.6-series kernel from 16MB of Intel Strata-Flash Xtended memory, and runs in 64MB of DRAM. Its only I/O ports comprise two 100BaseT Ethernet ports, located at either end.

In addition to a Linux 2.6-based kernel, the Ally ip100 runs uClibc and busybox. It also runs a small, lightweight core application called “Tag-UR-IT” (tagged universal resource information transmission). Tag-UR-IT has a footprint of only 100KB, and places few demands on its hardware platform, the company says.

According to Co-founder and Marketing VP J. Chandler Hall, Arxceo chose Linux because it offered lower per-unit cost than Microsoft Windows, and because Linux was the only OS supported on the basic hardware platform the company wanted to use. Hall adds, “We want to offer both Linux and Windows-based products. With this effort completed, we will now roll the Linux version into our [ip1000] 1000BaseT enterprise class platform, to allow customers to have their choice.”

Hall notes that Arxceo staff implemented the Ally ip100's firmware in-house, and found limited documentation to pose the biggest challenge. “While our engineering team found it invaluable to be able to go through the actual code, better documentation could have improved our time-to-market for the product,” Hall stated.

Overall, Hall says, Arxceo's design team is “very pleased” with the embedded Linux environment. He adds, “If pricing models stay relatively the same, we believe Linux will continue to have a large amount of design wins in the embedded market. If Windows becomes more price competitive on a per-unit basis, it may begin to take design wins away from Linux — but that is mostly dependent on the actual application, and what is being done with it.”


Arxceo expects the Ally ip100 to ship on December 1, 2005, with an MSRP of about $900.

A similar small, Linux-based in-line security device called mGuard is also available from German security specialist Innominate.

This article was originally published on and has been donated to the open source community by QuinStreet Inc. Please visit for up-to-date news and articles about Linux and open source.

Comments are closed.