Security research centre attacked

Carnegie Mellon University's Computer Emergency Response Team/Coordination Center (CERT), a federally-funded center for security development and research, and publisher of security newsletters and alerts, is warning visitors to its Web site of potential delays in the wake of an ongoing distributed denial-of-service (DDoS) attack.

According to a statement on its Web site posted on Wednesday morning, CERT/CC has been undergoing a DDoS since approximately 11:30 a.m. EDT on Tuesday. The statement says that the security institute's site may be "unavailable at time, or performance may be reduced."

No CERT/CC data has been compromised due to the distributed attack, and the security centre is recruiting assistance from various organizations and ISPs to halt the bogus packet-flooding assault and discover more about its origin, according to Ian Finlay, Internet security analyst at CERT/CC.

A rash of DoS incidents over the past month have spurred national attention, including a successful attack on the White House Web site and a warning by the U.S. Federal Bureau of Investigation telling administrators to be wary of DoS bombardments.

"The lesson to be learned here is that no one is immune to these kinds of attacks," said Richard D. Pethia, director of the Networked Systems Survivability Program at Carnegie Mellon's Software Engineering Institute (that includes CERT/CC) of his organization's DoS victimization. "[DoS attacks] cause operational problems, and it takes time to deal with them."

If circumstances should call for it, Finlay said CERT/CC has the means to release e-mail advisories or responses out to users. Members of the CERT/CC are available through a hotline, he added. However, non-emergency security queries from users should be sent by e-mail.