Since January of 2000, computer saboteurs have knocked out some of the biggest sites on the Web-like eBay, Amazon.com, and Microsoft's Hotmail and Expedia-by flooding them with bogus Internet traffic. Unlike most computer sabotage, swamping a server requires no breach of security and little computer expertise. The inundating traffic is otherwise innocuous; there's just too much of it, coming too fast. And programs for launching these "denial-of-service" attacks-so called because the bogus traffic denies legitimate users access to the server-can easily be found online.

But new hardware from several U.S. startups could help sites identify attacks before their servers go under. The leading approach is to monitor a Web site's traffic, determine its typical ranges of activity and then flag suspicious fluctuations. "One thing about these attacks," says Rob Malan, chief technology officer and cofounder of one of the startups, Waltham, MA-based Arbor Networks, "is that they are not subtle." Indeed, they even look much different from the sudden surges of traffic that might accompany, say, an ad for your Web site that runs during the Super Bowl; in a denial-of-service attack, a few computers might download the same data thousands of times, for example. Once identified, bad traffic can be filtered out of the data stream.

When a packet of data travels over the Internet, it passes through a series of routers. Each router looks at the packet, reads its addressing and identification information, and speeds it on its way. Most high-end routers keep statistics on the traffic they see, so both Arbor and Seattle-based Asta Networks sell boxes that plug into routers, analyze their traffic statistics and alert network operators to any anomalies. The Arbor box, which reached the market in May, sends suggested criteria for filtering bad data along with the alert; Asta's device, released in June, instead sends an exhaustive profile of the suspect traffic.

Mazu Networks of Cambridge, MA, offers a variation on the theme: a device that taps directly into the data stream to observe the traffic whizzing by. The Mazu box isn't tied to any particular router technology and can, if necessary, investigate a packet's cargo, which routers don't examine. But unlike Arbor and Asta, it can't yet handle the top speeds of the fastest Internet connections available; and it requires a second device to filter bad packets. The Mazu system completed beta testing in April and was formally launched in June.