Harmful or malicious attacks on networked computer systems often take the form of a Distributed Denial of Service (DDoS) attack, in which the attacker attempts to overwhelm or disrupt a computer or network gateway by monopolizing a disproportionate share of system resources through bombardment with, or infiltration of, messages or other resource-demanding entities. Conventional DDoS attacks typically target a particular email or network address and send an abnormally large number of emails or packets, forcing the target system to allocate resources to the point of excluding other processing. This effectively disables the target computer or network gateway, along with other computers or entities that depend on it. For example, such an attack on an access gateway, such as a router or switch, into a Local Area Network (LAN) can effectively segregate the LAN from the rest of the network (e.g., the Internet) by burdening, or flooding, the gateway with such DDoS messages.
A particular type of malicious attack is described by Jakobsson and Menczer as an “untraceable email cluster bomb.” The general form of the attack is to use some of the very large number of email-sending forms available on the web to launch an anonymous email attack on a party (arXiv technical report cs.CY/0305042, May 2003; rsasecurity.com/rsalabs/staff/bios/mjakobsson). The reference discusses both a “best practices” approach to be adopted by web sites offering forms and particular defense approaches once an attack is recognized. A cooperative measure is proposed which identifies practices beneficial to a group of addresses to be protected. The proposed techniques thus suggest a set of guidelines for the group, and are therefore dependent on “everyone doing the right thing” and on distinguishing attack from non-attack in order to effect remedial measures upon detection of an attack.