[ISN] Internet warning system attacked

From: InfoSec News (isnat_private)
Date: Wed May 23 2001 - 16:13:50 PDT

  • Next message: InfoSec News: "[ISN] FAA awarding security contract"

    By Robert Lemos
    Special to CNET News.com 
    May 23, 2001, 2:00 p.m. PT 
    Update: Unknown attackers inundated the Computer Emergency Response
    Team Coordination Center with data Tuesday and Wednesday, cutting off
    the public's access to the organization largely responsible for
    warning others on the Internet about computer-security threats.
    The attack began around 9 a.m. PDT Tuesday and continued to stall
    traffic to the organization's Web site Wednesday. Access to the site
    was sporadic early Wednesday, with the Carnegie Mellon
    University-based center reportedly accessible from the eastern United
    States but inaccessible to many other site users.
    "Our connection to the Internet has been largely saturated by this
    activity," Ian Finlay, an Internet security analyst for the CERT
    Coordination Center, said in a recorded statement. "The www.cert.org
    Web site may be unavailable until the attack begins to subside."  By
    midday Wednesday, the site was once again fully accessible.
    Although the attack prevented anyone from accessing the security
    advisories on CERT's Web site, the Center said it was able to get the
    word out on critical alerts.
    "We have alternate means to issue advisories as it becomes necessary,"
    Finlay said in the statement.
    Chris Wysopal, director of research and development for security
    service firm @Stake, said CERT's predicament was ironic.
    "They are the people that tell you how to protect against the
    problems," he said. "But the fact is, no one can totally protect
    against these types of attack."
    The attack also underscored the risk of putting the United States'
    computer-alert teams under one umbrella.
    "It highlights the fact that we need many different sources of
    security info," Wysopal said. "When all the information becomes too
    centralized, that's a security problem in and of itself."
    While CERT is an important security advisory group, several others
    exist, including the Computer Incident Advisory Center, so-called
    information sharing and analysis centers, and several advisory sites
    run by security companies.
    Denial-of-service attacks attempt to overload or crash computers
    connected to the Internet so people can't access them. A common type
    of attack, called a flood attack, aims to overload a targeted computer
    with so much data that it can no longer process legitimate access
    "We get attacked every day," said Richard D. Pethia, director of the
    Networked Systems Survivability Program at Carnegie Mellon's Software
    Engineering Institute, which includes the CERT/CC. "This is just
    another attack. The lesson to be learned here is that no one is immune
    to these kinds of attacks. They cause operational problems, and it
    takes time to deal with them."
    ISN is hosted by SecurityFocus.com
    To unsubscribe email isn-unsubscribeat_private

    This archive was generated by hypermail 2b30 : Thu May 24 2001 - 00:33:05 PDT