CERT hit by DDoS attack for a third day

CERT/CC, one of the Internet’s leading network security sites, was sporadically unavailable for the third consecutive day Thursday due to a Distributed Denial of Service attack, a spokesman said.

CERT/CC, the Computer Emergency Response Team/Coordination Center, is a U.S. government-funded research and development centre based at Carnegie Mellon University in Pittsburgh. The centre’s Web site has been unavailable, off and on, since Tuesday when it came under a Distributed Denial of Service (DDoS) attack.

A DDoS attack is one in which a number of computers worldwide are harnessed, often through hacking, to flood a site with requests for service. Due to the volume of requests, the victim computer cannot distinguish between standard and attack traffic, thus keeping anyone from getting access.

Such attacks are launched around 4,000 times each week, according to a study released earlier in the week by researchers at the University of California at San Diego.

“The recent activity directed against the CERT Coordination Center (CERT/CC) Web site is not unique. On a daily basis, the CERT/CC is the target of attack attempts by intruders, and has been for many years,” said Jeffrey Carpenter, manager of the CERT/CC, echoing CERT/CC director Richard Pethia’s statement from Wednesday.

Security companies say similar things.

“The problem (of DoS attacks) is really pervasive,” said Christine Washburn, director of marketing at Mazu Networks Inc., which sells an anti-DDoS product.

Launching such attacks is easier than ever before thanks to automated tools, Washburn said, noting that the recent attacks, such as those on the White House’s Web site, were fairly simplistic.

The ease with which DDoS attacks can be launched is troubling, she said. “People have got to take this seriously.”

Taking the situation seriously is not simply a matter of installing patches and firewalls and closely monitoring servers, she said. Rather, companies and organizations like CERT/CC need the ability to stop DDoS attacks, not just hope that they end quickly, she said.

Firewalls and other devices won’t work to stop DDoS attacks because they aren’t close enough to the guts of the Internet, Washburn said. Instead, the approach that the Mazu system takes is to use a distributed system located closer to the heart of the Internet that can filter normal traffic from attack traffic and monitoring systems for early signs of trouble.

CERT/CC’s Carpenter underscored Washburn’s point.

“The nature of the protocols and technology used for the Internet causes organizations to be dependent on the security of others. Thus, no organization, including the CERT/CC, is completely immune to occasional service disruptions,” he said.

CERT/CC’s Web site was back on-line midday Thursday.

CERT/CC, in Pittsburgh, can be contacted at http://www.cert.org.