Spatharas Evangelos - DDoS, FlowSpec, FoD tool
DDoS attacks are becoming increasingly commonplace, as research published by Akamai at the end of 2015 shows. Launching a DDoS attack used to be technically difficult; now it is possible to rent a botnet of tens or even hundreds of thousands of infected "zombie" machines relatively cheaply and use them to launch an attack. And as the Internet develops, the home or office computers that have become zombies sit behind increasingly high-bandwidth connections, so the traffic each one can contribute keeps growing.
The question now is how to deal with a DDoS: how to detect it, how to stop it, and how to learn from it. One thing is certain: no single entity or ISP would turn down a helping hand during a decent-sized DDoS. GÉANT admits this too; it cannot battle giant zombie botnets on its own. In that sense, GÉANT "cheats" and seeks allies in the NREN community (and beyond) to fight DDoS together. But this collaborative approach brings its own challenges.
This presentation demonstrates GÉANT's perspective on DDoS. There are several layers that need to be addressed in order to proactively defend against, detect, mitigate and effectively remediate attack scenarios: deploying a secure perimeter and making sure that attacks are not launched from the inside; having the right tools to detect what passes through that perimeter; using effective tools and established procedures to mitigate attacks quickly and collaboratively; and finally, learning from each attack and sharing what was learned with others. Making sure that all of these layers work in tandem is not an easy task.