Security center's site takes a hit

The CERT Coordination Center's Web site at Carnegie Mellon University's Software Engineering Institute went down under a distributed denial-of-service attack last month and remained offline for more than two days.

The attacks began about 11:30 a.m. on May 22, and access to the site remained slow or impossible through May 24. CERT officials were closemouthed about the sources of the attack and their response to it.

The White House site, at, also appeared to be under attack on May 22. Access was denied or hampered for a number of hours, a White House spokesman confirmed. There was no indication that the two events were related.

A recent study by researchers at the University of California counted more than 4,000 denial-of-service attacks a week throughout the world.

'None of our data has been compromised, and we are still in business,' said Ian Finlay, CERT's Internet security analyst, at the height of the attack. 'We are able to issue advisories via e-mail if necessary, and our staff is available through the CERT hotline.'

The center, originally known as the Computer Emergency Response Team, is the national clearinghouse for information about cyberthreats, vulnerabilities and fixes. Set up in 1988, it is funded in part by $3.5 million from the federal government, mostly from the Defense Department. The center provides operational support to the General Services Administration's Federal Computer Incident Response Center.

'If it could happen to CERT, it could happen to anybody,' spokesman Bill Pollack said. 'That's not a very comforting lesson, but that's the lesson.'

Dam the packet floods

The success of the attack says more about the difficulty of fending off distributed attacks than about CERT's security. Service denial does not require penetrating a target's security systems. It simply overwhelms public areas by traffic volume or confuses the server with malformed packets. And multiple sources of attack are difficult to stop upstream.

A CERT report in December 1999, after the first distributed denial-of-service attacks, emphasized the importance of planning ahead.

'The security of any network on the Internet depends on the security of every other network,' the report said.

Once an attack begins, administrators need access to complete log data so they can block suspicious traffic at routers. Spotting hostile traffic takes time. Stopping it requires the cooperation of service providers upstream, and communication may have to occur by telephone.

'We get attacked every day,' said Richard D. Pethia, director of the Networked Systems Survivability Program at the Software Engineering Institute. 'The lesson to be learned here is that no one is immune.'

The CERT hotline numbers are 412-268-7090 for voice and 412-268-6989 for fax.