Denial-of-service attacks, typically launched by malicious hackers from commandeered servers, can be stopped with security products that can detect and block outgoing attacks, security experts said.
But Internet service providers and hosted services need to invest in such products before distributed denial-of-service attacks will cease to be a feature of the Internet, they said. Such attacks are normally passed from ISP to ISP until they hit their target, swamping it with meaningless messages.
“Some responsibility does lie with the ISPs,” said Dave McClure, a spokesman at the U.S. Internet Industry Association. “If you see a guy about to light a cigarette in front of a gallon bucket of gasoline, you're obligated to warn him.”
ISPs currently block an attack if they are notified of one by a neighboring ISP or a customer. But many attacks are passed on unwittingly because ISPs do not monitor their outgoing traffic, said Richard Helgeson, chief executive of Captus Networks.
Captus has combined an intrusion detection system with a firewall that can be reconfigured on the fly. The system learns the statistical patterns of the network's traffic and watches for exceptions. When it detects an attack, it pushes rules to the firewall to block the port through which the attack traffic is traveling. The firewall can also block a specific Transmission Control Protocol/Internet Protocol address, shut down an individual session, or take other actions to stop the denial-of-service traffic “without disruption of legitimate traffic,” Helgeson said.
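As an added example (not code from the article or from Captus Networks), a toy version of the behaviour described: learn a per-port baseline of outgoing packets per interval, flag a live interval whose count exceeds mean + k standard deviations, and render a block rule for the offending port and its top source address. The flow records, addresses and rule syntax are all constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (interval, src_ip, dst_port, packets).
# Intervals 0-4 are the quiet training window; LIVE is one later interval
# in which one host floods port 80.
TRAINING = [
    (i, src, port, pkts)
    for i in range(5)
    for src, port, pkts in [("10.0.0.5", 80, 100 + i), ("10.0.0.6", 80, 90 + 2 * i),
                            ("10.0.0.5", 53, 40), ("10.0.0.6", 53, 38 + i)]
]
LIVE = [("10.0.0.5", 80, 102), ("10.0.0.6", 80, 88),
        ("10.0.0.7", 80, 5000), ("10.0.0.5", 53, 41), ("10.0.0.6", 53, 39)]


def learn_baseline(flows):
    """Per destination port: mean and population stdev of packets per interval."""
    totals = defaultdict(int)
    for interval, _src, port, pkts in flows:
        totals[(interval, port)] += pkts
    by_port = defaultdict(list)
    for (_interval, port), pkts in totals.items():
        by_port[port].append(pkts)
    return {p: (mean(v), pstdev(v)) for p, v in by_port.items()}


def detect(live, baseline, k=3.0):
    """Return (port, observed, expected, top_src) for each port whose live
    packet count exceeds mean + k*stdev. Flat or unseen baselines get a
    stdev floor so a constant history (or a brand-new port) still triggers."""
    per_port, top_src = defaultdict(int), defaultdict(lambda: defaultdict(int))
    for src, port, pkts in live:
        per_port[port] += pkts
        top_src[port][src] += pkts
    alerts = []
    for port, observed in per_port.items():
        mu, sigma = baseline.get(port, (0.0, 0.0))
        sigma = max(sigma, 0.05 * mu, 1.0)  # floor: 5% of mean, at least 1 pkt
        if observed > mu + k * sigma:
            src = max(top_src[port], key=top_src[port].get)
            alerts.append((port, observed, round(mu), src))
    return alerts


def to_rules(alerts):
    """Render alerts as firewall rules (hypothetical rule syntax)."""
    return [f"block tcp from {src} to any port {port}  # observed {obs} pkts, baseline ~{mu}"
            for port, obs, mu, src in alerts]
```

In the constructed data port 80 normally carries about 196 packets per interval; the live interval's 5190 packets are attributed to 10.0.0.7 and yield a single block rule, while port 53 stays within its baseline.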
In addition, online security services such as BINDview, Pilot Network Services and Riptech prevent denial-of-service attacks from being passed along.