New cyber attack method surfaces

Over the past six weeks, U.S. network servers have come under assault by a fundamentally new style of computer attack, said experts here at the National Information Systems Security Conference.

Known as "distributed coordinated attacks," this new style is particularly good at defeating present-day defenses against those intent on stopping Internet traffic to a particular company or Internet service -- a result known as denial of service.

"It's possible to detect the attack, but it is very hard to block it" using current software, said Thomas Longstaff, senior technical researcher for Software Engineering Institute at Carnegie Mellon University, during a panel presentation Tuesday.

A garden-variety denial-of-service attack uses a single server to attempt to tie up a network's connection, denying its users access to or from the Internet. Distributed coordinated attacks, however, use hundreds or thousands of servers co-opted by a malicious programmer to tag-team a single server. Because so many servers are used, each attack can be camouflaged as a legitimate connection attempt, making it difficult for the victim's intrusion software to identify that it is under attack and impossible to identify just who is attacking.

"Typically, you block the single network address that is attacking you," said Longstaff, whose group works with the Computer Emergency Response Team Coordination Center at Carnegie Mellon. CERT/CC tracks and responds to network attacks. "By spreading out the attack over a large number of addresses, it becomes much harder to deal with."