Enhanced Cooperation on DDoS

Breaking down more barriers to tangible, effective DDoS tools and practices

Vast insider knowledge exists regarding both historical but also real-time Distributed Denial of Service (DDoS) attacks. Creating more effective tools for automated peering and better coordination of mitigation efforts has the potential to significantly decrease the threat from ever-evolving DDoS attacks. To that end, IST plays a role in facilitating industry dialogue to identify obstacles and opportunities to move solutions forward. As with many of our activities, these aren’t tools we’ve developed or even ideas we came up with – but we can help move ideas forward that would otherwise languish or get stuck. This effort remains a work in progress, inspired by actors in this space that manage these issues day in, and day out.

This effort spins out from the broader Combating DDoS initiative, which encounters ongoing efforts to overcome technical and legal barriers to enhanced DDoS data peering efforts. IST volunteers to assist these ongoing projects to expand corporation-to-corporation peering options in order to explore how DDoS-related information sharing could be enhanced, and how best practices and mitigation tools can be more broadly disseminated. 

As most experts will tell you, many of the necessary DDoS technical mitigation tools exist, and are available to those who need them. However, due to many actors with insufficient resources, the lack of the necessary mass adoption of these tools presents a persistent problem that perpetuates the DDoS risk.

As our personal and professional lives, activities, and operations become increasingly dependent on internet connectivity, IST and our cooperating partners are working to develop concepts like these cooperative DDoS approaches, best practices, and tools that can be shared globally. We are lucky to help work with partners on how these tools can best be expanded to smaller service providers around the globe, with less technical, financial, and human capital resources, with an eye towards how we can make these solutions as user-friendly as possible.

As this project progresses, we are working to formalize and spread DDoS best practices to other, smaller ISPs with less technical background or resources to manage the tools in question – like using FlowSpec. We encourage industry professionals to get in touch via ddos@securityandtechnology.org to contribute, get involved, or to learn more.