CERT hit by service denial attack

By William Jackson GCN Staff

MAY 24—The CERT Coordination Center at Carnegie Mellon University’s Software Engineering Institute is under fire from a distributed denial-of-service attack that has taken its Web site offline for several days.

The attack, apparently from numerous computers working together, began Tuesday. The site, www.cert.org, remained unavailable this morning.

The center, originally called the Computer Emergency Response Team, is the national clearinghouse for information about cyberthreats, vulnerabilities and fixes. Ironically, its victimization says more about the difficulty of protecting against a service denial attack than about the site’s security.

Such an attack does not require penetration of security systems. It merely overwhelms the public areas by sheer traffic volume or confuses the server with malformed packets. A distributed attack is difficult to defend against, both because of the volume of malicious traffic and because multiple sources are difficult to stop upstream.

http://www.gcn.com/vol1_no1/news/4299-1.html

-- Martin Thompson (mthom1927@aol.com), May 24, 2001

Answers

News Story White House confirms denial of service attack

By: David McGuire May 25, 2001 URL: http://www.computeruser.com/news/01/05/25/news3.html

Whitehouse.gov was hit Tuesday by a denial of service attack that rendered the site inaccessible for more than six hours, White House spokesperson Jimmy Orr said.

The attack, which lasted from roughly 2:00 p.m. EDT until after 8:00 p.m. EDT, created traffic that was "heavy enough to block most legitimate users," Orr said.

The denial of service attack was the third this month directed against Whitehouse.gov, which on May 4 was rendered inaccessible for more than three hours by a similar strike.

Whitehouse.gov also suffered a brief outage from a smaller denial of service attack that hit the site on May 7.

The May 4 attack was apparently linked to a spate of Web site hacks and defacements launched by Chinese and pro-Chinese Internet vandals during the first week of May.

A large group of pro-Chinese hackers called the "Hackers Union of China" (HUC) was responsible for numerous attacks on U.S. government and commercial sites earlier this month.

Orr could not say whether Tuesday's attack was linked to the earlier incidents.

Orr did stress that at no time was the White House site cracked, vandalized, or in any other way compromised.

Reported by Newsbytes.com, http://www.newsbytes.com.

-- Martin Thompson (mthom1927@aol.com), May 25, 2001.


Weather Channel Hit by DoS Attack

By Rutrell Yasin, InternetWeek May 24, 2001 (2:19 PM)

URL: http://www.internetwk.com/story/INW20010524S0010

A denial-of-service attack on Wednesday disrupted the operations of weather.com, the official site of the Weather Channel. The attack, which caused the first outage in the site's six-year history, started at 11:00 am (EST), limiting access to the site and slowing performance for nearly seven hours. Although access to the site was blocked, important weather information was not compromised, weather.com officials said. The site was back up by 6 PM (EST).

Hackers overloaded the company's routers and those of its web hosting company, Exodus Communications, with bogus traffic, said Dan Agronow, weather.com's director of site operations.

To counter the attack, weather.com moved to another dedicated router in Exodus's facility and installed filtering software to protect switches and servers, as well as intrusion detection software to record all ongoing activity, Agronow said. Plus, the company is working with Exodus to deploy additional sniffer technology to monitor network traffic.

"There's a possibility the attack was a diversionary tactic to break into [the company's] servers," Agronow noted. As a result, system administrators are checking the logs of the company's 140 servers for suspicious activity, he added.

Fortunately, Wednesday was a relatively mild weather day across the nation -- with only 33 incidents of severe weather reported. However, on Tuesday severe weather reports totaled more than 100, with several possible tornadoes.

"Site traffic is highly variable, depending on the weather. Traffic can quadruple in the course of an hour," said Debora Wilson, president and CEO of weather.com.

The site can sustain that spike, she added. The disruption of service is being taken very seriously since so many people depend on the site for information that affects their activities, families and properties, she added. The company is working with the necessary law enforcement agencies to investigate the attack, she said.

The attack comes on the heels of a DoS attack on Tuesday that disrupted the operations of the Computer Emergency and Responses Team (CERT) Coordination Center, the organization responsible for warning Internet users about security threats. The FBI's National Infrastructure Protection Center recently issued an advisory warning corporations and government agencies about an upswing in denial of service activity.

-- Martin Thompson (mthom1927@aol.com), May 25, 2001.

