Security center's site takes a hit

BY WILLIAM JACKSON | GCN STAFF

The CERT Coordination Center's Web site at Carnegie Mellon University's Software Engineering Institute went down under a distributed denial-of-service attack last month and remained offline for more than two days.

The attacks began about 11:30 a.m. on May 22, and access to the site remained slow or impossible through May 24. CERT officials were closemouthed about the sources of the attack and their response to it.

The White House site, at www.whitehouse.gov, also appeared to be under attack on May 22. Access was denied or hampered for a number of hours, a White House spokesman confirmed. There was no indication that the two events were related.

A recent study by researchers at the University of California counted more than 4,000 denial-of-service attacks a week throughout the world.

'None of our data has been compromised, and we are still in business,' said Ian Finlay, CERT's Internet security analyst, at the height of the attack. 'We are able to issue advisories via e-mail if necessary, and our staff is available through the CERT hotline.'

The center, originally known as the Computer Emergency Response Team, is the national clearinghouse for information about cyberthreats, vulnerabilities and fixes. Set up in 1988, it is funded in part by $3.5 million from the federal government, mostly from the Defense Department. The center provides operational support to the General Services Administration's Federal Computer Incident Response Center.

'If it could happen to CERT, it could happen to anybody,' spokesman Bill Pollack said. 'That's not a very comforting lesson, but that's the lesson.'

Dam the packet floods

The success of the attack says more about the difficulty of fending off distributed attacks than about CERT's security. Service denial does not require penetrating a target's security systems. It simply overwhelms public areas by traffic volume or confuses the server with malformed packets. And multiple sources of attack are difficult to stop upstream.

A CERT report in December 1999, after the first distributed denial-of-service attacks, emphasized the importance of planning ahead.

'The security of any network on the Internet depends on the security of every other network,' the report said.

Once an attack begins, administrators need access to complete log data so they can block suspicious traffic at routers. Spotting hostile traffic takes time. Stopping it requires the cooperation of service providers upstream, and communication may have to occur by telephone.

'We get attacked every day,' said Richard D. Pethia, director of the Networked Systems Survivability Program at the Software Engineering Institute. 'The lesson to be learned here is that no one is immune.'

The CERT hotline numbers are 412-268-7090 for voice and 412-268-6989 for fax.
