"It's possible to detect the attack, but it is very hard to block it" using current software, said Thomas Longstaff, senior technical researcher for Software Engineering Institute at Carnegie Mellon University, during a panel presentation Tuesday.
A garden-variety denial-of-service attack uses a single server to attempt to tie up a network's connection, denying its users access to or from the Internet.
Distributed coordinated attacks, however, use hundreds or thousands of servers co-opted by a malicious programmer to tag-team a single server.
Because so many servers are used, each attack can be camouflaged as a legitimate connection attempt, making it difficult for the victim's intrusion software to identify that it is under attack and impossible to identify just who is attacking.
"Typically, you block the single network address that is attacking you," said Longstaff
, whose group works with the Computer Emergency Response Team Coordination Center at Carnegie Mellon
CERT/CC tracks and responds to network attacks.
"By spreading out the attack over a large number of addresses, it becomes much harder to deal with.
A 'handful' of attacks
Longstaff and others have already locked horns with intruders using the distributed coordinated method of attack.
In the past six weeks, a "handful of sites" have been attacked, taking them off the Internet for an unspecified amount of time, he said. He would not give any more details.