Net companies fortify as more sites get hacked

Almost half of the Internet8217;s top stops have been affected in the recent spate of denial-of-service attacks. Sites affected are: AOL Network, Yahoo Sites, Microsoft Sites, Lycos, ExciteHome, Go Network, Amazon, NBC Internet, About.com Sites, Time Warner Online, Real.com Network, AltaVista Sites, Go2Net Network, EBay, CNET, ZDNet Sites.

Several big Internet stocks fell as investors worried about security problems on the Web. Meanwhile, several companies that sell security software saw their stocks jump.

At BMC Software Inc., senior vice president Robert E. Beauchamp organized a team of engineers at Amazon.com8216;s request to try to adapt its Web-site monitoring software to respond to the hackers8217; crippling technique, known as quot;denial of service.quot; Their idea: Use the monitoring software to trigger a program that could re-route the attack to a standby computer where the source of the attack could be isolated and studied, saving the main site from being overwhelmed.

research,quot; said Mr. Beauchamp. He explained that the relatively unsophisticated nature of the attack 8212; commandeering computers to initiate rapid-fire information requests 8212; is hard to guard against. quot;They8217;re not hackers 8212; it8217;s just click like crazy,quot; he said.

One problem for Web companies: The technology that can fend off the hackers also slows Internet performance. Two available technologies are quot;filtering,quot; which looks at Internet traffic patterns and sometimes can examine the traffic itself, and switches that distribute traffic from one clogged computer server to others.

Frank Dzubeck, an analyst at market researcher Communications Network Architects, Washington, D.C., said the routers that direct traffic around the Internet can include filtering software that would screen out suspicious traffic. quot;But you8217;re going to find no one turning on filters in high-end routers, because that would slow them down,quot; Mr. Dzubeck said.

Web-site operators are reluctant to use the technology, Mr. Dzubeck said, because their value on Wall Street often is linked to how much traffic they attract. quot;This world is based on clicks and hits,quot; Mr. Dzubeck said.

The same is true for the technique for redistributing traffic. Big Web sites, such as Yahoo, store their information on multiple computers scattered around the globe and are beginning to use technology that directs traffic from overloaded computers to less-busy servers. But this technology is not in widespread use.

Case in point: Buy.com Inc. uses switches from Alteon WebSystems Inc., San Jose, Calif., in its Web site. But the online retailer, which was hit by hackers on Tuesday, had not activated Alteon8217;s technology to redirect Web traffic to other computers. quot;That8217;s a feature on our switch that you have to pay for and turn on,quot; an Alteon spokesman said. Alteon charges 3,000 per switch, or 18,000 for a Web site with three locations and two switches at each.

By contrast, the spokesman said, this quot;server-switchingquot; feature allowed Ticketmaster Online-CitySearch Inc. to keep its Web site up last fall when its primary Internet-service provider failed. Of course, it8217;s not as simple as throwing a switch. Before Web-site operators can redirect traffic to other computers, they have to install those computers, duplicate their content and pay for additional network connections.

Digital Island Inc., which quot;hostsquot; other companies8217; Web sites on its computers, says it uses technology to examine Internet traffic coming into its data centers. Even though hackers frequently disguise the source of their traffic, Digital Island says its technology can distinguish between legitimate requests and suspicious traffic designed to shut down a Web site.

Internet traffic is broken down into quot;packetsquot; of ones and zeros. Legitimate packets quot;are designed to elicit a response,quot; said Allan Leinwand, Digital Island8217;s chief technology officer. But packets sent as part of hacker attacks typically lack this information. quot;Knowing the type of packet allows you to make a determinationquot; whether to let it through, Mr. Leinwand. He declined to be more specific, fearing that hackers would use the information to develop new means of attack.

Mr. Leinwand said Digital Island had detected what appeared to be hacker attacks aimed at several of its customers in recent days but had deflected all within minutes. quot;We8217;re very, very paranoid,quot; he said.

Digital Island hosts the Web site of ETrade. Mr. Leinwand declined to comment on what happened at ETrade or whether Digital Island was able to deflect an attack.

Internet security companies said they were flooded with requests from companies seeking new defenses for their sites.

Christopher Klaus, chief technology officer of Internet Security Systems Inc., said the company got calls throughout Wednesday about its software programs, which automatically scan computer networks for security vulnerabilities. The stocks of many prominent securit-software companies, including Internet Security Systems, WatchGuard Technologies Inc. and Check Point Software Technologies Ltd., jumped Wednesday as news of th attacks spread.

The hacker attacks could prove to be advantageous for another business: e-commerce insurance. For the past year, a growing list of insurance brokers and insurers have been trying to peddle these policies, which can cost a company from 10,000 to 25,000 per million dollars of coverage. The insurers promise to pay up if hackers or other Internet perils disrupt an insured company8217;s business or expose them to liability losses.

quot;For the past 48 hours, my phone has been ringing literally off the hook with requests for informationquot; on this insurance coverage, said Ty Sagalow, executive director of e-business product development at New York insurer American International Group Inc. WSJ