Hacker-tracking site attacked

[low_delta]

By Robert Lemos
Special to ZDNet News
December 5, 2001 11:22 AM PT

The Computer Emergency Response Team's Coordination Center, an important national clearinghouse for computer-security information, came under attack Wednesday, leaving its main Web site only intermittently reachable.
The so-called denial-of-service attack didn't affect the group's ability to push security incident information to its members, but made public access to its sites a crap shoot.

"We are working with our service providers to resolve this problem," Bill Pollak, public relations coordinator for the CERT Coordination Center, said in a statement.

A denial-of-service attack can take one of two forms: a flood of data that overwhelms the Web server or the bandwidth leading to the server, or a specific command crafted to disable critical servers or Internet routers. The CERT Coordination Center would not identify which type matched the attack it was suffering from.




The group, based at Carnegie Mellon University in Pittsburgh, Penn., coordinates the communications among the myriad response teams scattered among U.S. universities, companies and government agencies.

It has both public Web sites to inform both members and non-members of threats but also has private networks capable of alerting members to high-priority computer-security incidents.

Officials at the CERT Coordination Center would not give details of the current attack but previously acknowledged that such attacks are not uncommon. In May, the group suffered a similar attack.

"We get attacked every day," Richard D. Pethia, director of the Networked Systems Survivability Program at Carnegie Mellon's Software Engineering Institute, said in a May interview. "The lesson to be learned here is that no one is immune to these kinds of attacks. They cause operational problems, and it takes time to deal with them."

The CERT Coordination Center is part of Carnegie Mellon's Software Engineering Institute.

I think the lesson to be learned here is to not put the big "hack me" sign on your back.

Having a hacker tracking database online is like leaving a list of bank robbers in a bank vault.

Comments

[vlinker.livejournal.com]

or maybe like posting the vault contents on the outside door of the bank?.......LOL

[banana.livejournal.com]

You can have some fun trying some simple hacks at http://www.try2hack.nl/level1.html *but* if you have some firewall software, you will notice that as soon as you go there you get probed by them.

I got to level five, but then remembered I was at work and had productive things to do.

(If you *don't* have a firewall, go get ZoneAlarm, particularly if you're on broadband)