Internet warning system attacked

[InfoSec News <isn () c4i org>]

http://news.cnet.com/news/0-1003-200-6016900.html?tag=lh

By Robert Lemos
Special to CNET News.com 
May 23, 2001, 2:00 p.m. PT 

Update: Unknown attackers inundated the Computer Emergency Response
Team Coordination Center with data Tuesday and Wednesday, cutting off
the public's access to the organization largely responsible for
warning others on the Internet about computer-security threats.

The attack began around 9 a.m. PDT Tuesday and continued to stall
traffic to the organization's Web site Wednesday. Access to the site
was sporadic early Wednesday, with the Carnegie Mellon
University-based center reportedly accessible from the eastern United
States but inaccessible to many other site users.

"Our connection to the Internet has been largely saturated by this
activity," Ian Finlay, an Internet security analyst for the CERT
Coordination Center, said in a recorded statement. "The www.cert.org
Web site may be unavailable until the attack begins to subside."  By
midday Wednesday, the site was once again fully accessible.

Although the attack prevented anyone from accessing the security
advisories on CERT's Web site, the Center said it was able to get the
word out on critical alerts.

"We have alternate means to issue advisories as it becomes necessary,"
Finlay said in the statement.

Chris Wysopal, director of research and development for security
service firm @Stake, said CERT's predicament was ironic.

"They are the people that tell you how to protect against the
problems," he said. "But the fact is, no one can totally protect
against these types of attack."

The attack also underscored the risk of putting the United States'
computer-alert teams under one umbrella.

"It highlights the fact that we need many different sources of
security info," Wysopal said. "When all the information becomes too
centralized, that's a security problem in and of itself."

While CERT is an important security advisory group, several others
exist, including the Computer Incident Advisory Center, so-called
information sharing and analysis centers, and several advisory sites
run by security companies.

Denial-of-service attacks attempt to overload or crash computers
connected to the Internet so people can't access them. A common type
of attack, called a flood attack, aims to overload a targeted computer
with so much data that it can no longer process legitimate access
attempts.

"We get attacked every day," said Richard D. Pethia, director of the
Networked Systems Survivability Program at Carnegie Mellon's Software
Engineering Institute, which includes the CERT/CC. "This is just
another attack. The lesson to be learned here is that no one is immune
to these kinds of attacks. They cause operational problems, and it
takes time to deal with them."





ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.