CERT Hit By Denial-Of-Service Attack

The Carnegie Mellon Computer Emergency Response Team Coordination Center (CERT/CC) has confirmed that its Web site has been under attack by a distributed denial-of-service attack since 11:30 a.m. Eastern time Tuesday. The Web site, which provides Internet security vulnerability information to the public, has been largely unavailable.

CERT issued a statement saying it has alternate means to issue security advisories, such as E-mail, and staff is still manning the security hot line. According to a statement issued on the site, CERT is working with various organizations, including Internet service providers, to resolve and investigate the attack.

Ted Julian, chief strategist and co-founder of Arbor Networks Inc., a security vendor offering software that defends against such attacks, says the attack against CERT points to the overwhelming trouble that regular companies face when hit by such assaults. "These are the experts who tell you how to deal with such threats. If it takes them over a day to overcome a DDOS attack, how long will it take your average corporation to contend with such attacks?"

Frank Prince, a Forrester Research security analyst, surmises that whoever launched the attack has probably done so for the sheer notoriety. And while it's ironic that a Web site designed to help defend against such attacks gets successfully nailed, Prince adds, "If you want to attack the folks best prepared to track down who did it, these folks probably attacked the right Web site."