Skip to Content

Stemming the Flood

Software: New devices could protect Web sites from a common threat.
September 1, 2001

Since January of 2000, computer saboteurs have knocked out some of the biggest sites on the Web-like eBay,, and Microsoft’s Hotmail and Expedia-by flooding them with bogus Internet traffic. Unlike most computer sabotage, swamping a server requires no breach of security and little computer expertise. The inundating traffic is otherwise innocuous; there’s just too much of it, coming too fast. And programs for launching these “denial-of-service” attacks-so called because the bogus traffic denies legitimate users access to the server-can easily be found online.

But new hardware from several U.S. startups could help sites identify attacks before their servers go under. The leading approach is to monitor a Web site’s traffic, determine its typical ranges of activity and then flag suspicious fluctuations. “One thing about these attacks,” says Rob Malan, chief technology officer and cofounder of one of the startups, Waltham, MA-based Arbor Networks, “is that they are not subtle.” Indeed, they even look much different from the sudden surges of traffic that might accompany, say, an ad for your Web site that runs during the Super Bowl; in a denial-of-service attack, a few computers might download the same data thousands of times, for example. Once identified, bad traffic can be filtered out of the data stream.

When a packet of data travels over the Internet, it passes through a series of routers. Each router looks at the packet, reads its addressing and identification information, and speeds it on its way. Most high-end routers keep statistics on the traffic they see, so both Arbor and Seattle-based Asta Networks sell boxes that plug into routers, analyze their traffic statistics and alert network operators to any anomalies. The Arbor box, which reached the market in May, sends suggested criteria for filtering bad data along with the alert; Asta’s device, released in June, instead sends an exhaustive profile of the suspect traffic.

Mazu Networks of Cambridge, MA, offers a variation on the theme: a device that taps directly into the data stream to observe the traffic whizzing by. The Mazu box isn’t tied to any particular router technology and can, if necessary, investigate a packet’s cargo, which routers don’t examine. But unlike Arbor and Asta, it can’t yet handle the top speeds of the fastest Internet connections available; and it requires a second device to filter bad packets. The Mazu system completed beta testing in April and was formally launched in June.

Captus Networks of Woodland, CA, takes a different approach. The Captus device allows network operators to set a rate limit on incoming traffic. When the limit is exceeded, the device sends standard Internet Protocol requests to all the computers connected to it, asking that they slow their transmissions. Computers generating legitimate traffic respond accordingly; malicious computers don’t, and their traffic is then filtered out.

Some industry insiders worry that such close attention to each incoming packet could slow a network down. “I don’t want another box inline to pass my packets through,” says analyst Michael Rasmussen of Giga Information Group. But Zeus Kerravala of the Yankee Group believes the Captus device is fast enough to keep up with server traffic for “at least a year and a half to two years,” and that “the technology will improve in that time.” NASA’s Ames Research Center and Exodus Communications of Santa Clara, CA, are currently evaluating the device.

With four new options to choose from, the Web’s most popular sites should-for the time being-be able to shield themselves from vindictive 13-year-olds.

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

The problem with plug-in hybrids? Their drivers.

Plug-in hybrids are often sold as a transition to EVs, but new data from Europe shows we’re still underestimating the emissions they produce.

Google DeepMind’s new generative model makes Super Mario–like games from scratch

Genie learns how to control games by watching hours and hours of video. It could help train next-gen robots too.

How scientists traced a mysterious covid case back to six toilets

When wastewater surveillance turns into a hunt for a single infected individual, the ethics get tricky.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.