Security center's site takes a hit


The CERT Coordination Center's Web site at Carnegie Mellon University's Software Engineering Institute went down under a distributed denial-of-service attack last month and remained offline for more than two days.

The attacks began about 11:30 a.m. on May 22, and access to the site remained slow or impossible through May 24. CERT officials were closemouthed about the sources of the attack and their response to it.

The White House site also appeared to be under attack on May 22. Access was denied or hampered for a number of hours, a White House spokesman confirmed. There was no indication that the two events were related.

A recent study by researchers at the University of California counted more than 4,000 denial-of-service attacks a week throughout the world.

'None of our data has been compromised, and we are still in business,' said Ian Finlay, CERT's Internet security analyst, at the height of the attack. 'We are able to issue advisories via e-mail if necessary, and our staff is available through the CERT hotline.'

The center, originally known as the Computer Emergency Response Team, is the national clearinghouse for information about cyberthreats, vulnerabilities and fixes. Set up in 1988, it is funded in part by $3.5 million from the federal government, mostly from the Defense Department. The center provides operational support to the General Services Administration's Federal Computer Incident Response Center.

'If it could happen to CERT, it could happen to anybody,' spokesman Bill Pollack said. 'That's not a very comforting lesson, but that's the lesson.'

Dam the packet floods

The success of the attack says more about the difficulty of fending off distributed attacks than about CERT's security. Service denial does not require penetrating a target's security systems. It simply overwhelms public areas by traffic volume or confuses the server with malformed packets. And multiple sources of attack are difficult to stop upstream.

A CERT report in December 1999, after the first distributed denial-of-service attacks, emphasized the importance of planning ahead.

'The security of any network on the Internet depends on the security of every other network,' the report said.

Once an attack begins, administrators need access to complete log data so they can block suspicious traffic at routers. Spotting hostile traffic takes time. Stopping it requires the cooperation of service providers upstream, and communication may have to occur by telephone.

'We get attacked every day,' said Richard D. Pethia, director of the Networked Systems Survivability Program at the Software Engineering Institute. 'The lesson to be learned here is that no one is immune.'

The CERT hotline numbers are 412-268-7090 for voice and 412-268-6989 for fax.

