Image: Bas van Schaik, CC BY-SA 3.0, Wikimedia

How to protect your site from DDOS attacks? It’s always been a bit of a cat and mouse game, but with DDOS attacks becoming more and more frequent and troublesome, the Amsterdam Internet Exchange is thinking of new ways to fend them off.

When launching a DDOS attack, a hacker will try to send massive amounts of traffic your way, overwhelming your servers or network capacity. The bad guy in question doesn’t have to be a sophisticated network guru either: you can simply hire a DDOS attack for a few bucks in the darker corners of the Internet. A Dutch guy, recently arrested for taking a number of national banks offline, claims to have spent as little as 40 euros to have his attack performed.

So, how to protect against this? If you can recognise certain patterns in the attack coming your way, you can start by blocking suspicious traffic, either by looking at specific protocols (does anyone from the outside world really need to ping you?) or by looking at IP addresses or ranges that seem to generate excessive traffic. Of course, the culprits will be doing their best to blend in with the regular visitors to your site, and a DDOS attack, by nature, comes from many places at once. How do you tell your regular users apart from the malicious traffic? So there are limits to this approach.

Another way to deal with the issue is to extend your capacity, either by setting up more servers and bandwidth or by going into the cloud. A Content Delivery Network like Akamai has servers set up all over the world and could help you handle massive amounts of traffic. Of course, there’s an upper limit to this as well, and many businesses (like banks) would not be happy having their customers’ sensitive data stored by someone else.

Back to the Amsterdam Internet Exchange (AMS-IX) and their Trusted Networks Initiative. The Internet exchange is a peering point: a place where a large number of Internet Service Providers, mobile operators and hosting providers connect their networks with one another, and with the rest of the world, to exchange traffic. The idea of the Trusted Networks Initiative is to create a kind of safe haven, a separate network (or VLAN), where trusted ISPs and companies can connect. When a DDOS attack takes place, this trusted network would be disconnected from the outside world, but people within the trusted network could still communicate with each other. Typically, a large DDOS attack would originate from a foreign country. By closing off the trusted network, the attack from outside would be blocked, while people connected to a trusted Dutch ISP would still be able to contact their banks or other important services. A bit like a storm surge barrier for the Internet! Once the ‘storm’ has passed, the trusted network could be opened again to the outside world.
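To make the storm surge barrier idea concrete, here is a small simulation written for this post; it is not AMS-IX code, and the trusted prefixes, the capacity figure and the per-source flow records (offered load in Mbit/s) are all constructed. Under normal load every flow is forwarded; once the load arriving from outside the trusted set alone exceeds capacity, the barrier closes and only flows from trusted member prefixes get through.

```python
"""Simulation of the 'storm surge barrier' idea (added example, not AMS-IX
code). Normal conditions: traffic from everywhere is forwarded. Once inbound
load from outside the trusted set exceeds the capacity threshold, the barrier
closes and only traffic from trusted member prefixes is forwarded.
All prefixes, flow records and the capacity figure are constructed."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Hypothetical trusted member prefixes (constructed, documentation ranges).
TRUSTED_PREFIXES = [ip_network("192.0.2.0/24"), ip_network("198.51.100.0/24")]
CAPACITY_MBITS = 1000.0  # constructed capacity of the protected service


def is_trusted(src: str) -> bool:
    """True if the source address falls inside a trusted member prefix."""
    addr = ip_address(src)
    return any(addr in net for net in TRUSTED_PREFIXES)


def load_by_origin(flows):
    """Aggregate offered load (Mbit/s) into 'trusted' and 'outside' buckets."""
    totals = defaultdict(float)
    for src, mbits in flows:
        totals["trusted" if is_trusted(src) else "outside"] += mbits
    return dict(totals)


def barrier_closed(flows, capacity=CAPACITY_MBITS) -> bool:
    """Close the barrier when the outside load alone would exceed capacity."""
    return load_by_origin(flows).get("outside", 0.0) > capacity


def forward(flows, capacity=CAPACITY_MBITS):
    """Return the flows that are forwarded under the current barrier state."""
    if not barrier_closed(flows, capacity):
        return list(flows)
    return [(src, mbits) for src, mbits in flows if is_trusted(src)]


# Constructed samples: a normal day, and an attack from many outside sources.
NORMAL = [("192.0.2.10", 50.0), ("203.0.113.5", 20.0), ("198.51.100.7", 30.0)]
ATTACK = NORMAL + [(f"203.0.113.{i}", 40.0) for i in range(1, 51)]

if __name__ == "__main__":
    print("normal day: barrier closed =", barrier_closed(NORMAL),
          "flows forwarded =", len(forward(NORMAL)))
    print("under attack: barrier closed =", barrier_closed(ATTACK),
          "flows forwarded =", len(forward(ATTACK)))
```

The trusted flows (the bank customer on a trusted Dutch ISP) are forwarded in both states; only the outside flood is cut off while the barrier is closed.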