The Computer Emergency Response Team/Coordination Center (CERT/CC), one of the Internet's leading network security sites, was sporadically unavailable for the third consecutive day yesterday as it suffered a serious attack by hackers.
The hackers initiated a Distributed Denial of Service (DDoS) attack Tuesday, and have maintained the attack all week.
CERT/CC is a US government-funded research and development centre based at Carnegie Mellon University, Pittsburgh. A DDoS attack is one in which a number of computers worldwide are harnessed, often through hacking, to flood a site with requests for service. Due to the volume of requests, the victim computer cannot distinguish between standard and attack traffic, thus preventing anyone from getting access.
Web attacks A recent US study claims such attacks are launched 4,000 times per week.
Jeffrey Carpenter, manager of CERT/CC, said: "The recent activity directed against CERT/CC is not unique. CERT/CC is the target of daily attacks, and has been for many years."
Launching such attacks is easier than ever before thanks to automated tools.
Taking the situation seriously is not simply a matter of installing patches and firewalls, and closely monitoring servers, said an Internet security firm representative. Companies and organizations such as CERT/CC need the ability to stop DDoS attacks, not just hope that they end quickly.
Firewalls and other devices won't work to stop DDoS attacks because they aren't close enough to the guts of the Internet. An alternative approach is to use a distributed system located closer to the heart of the Internet, which can filter normal traffic from attack traffic and monitor systems for early signs of trouble.