There are ways in which the many stakeholders involved in improving the Internet can reduce the threat of DDoS attacks. One of the most notable examples of collaboration came out of the Network Working Group of the Internet Engineering Task Force ten years ago. It published BCP 38 (aka RFC 2827), a set of best-practice guidelines for how ISPs and hosting providers could use ingress traffic filtering to identify and redirect traffic with fake IP addresses in order to lessen the impact of DDoS activity on themselves and others. While there was some uptake and the recommended measures remain relevant, many ISPs still need to implement these (and other) best practices in order for the wider community to realize their benefits.
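The source-address check behind ingress filtering can be sketched as follows. This is an added example, not code from the original page or from RFC 2827. The interface names, prefixes and sample packets are constructed, and the example assumes that non-matching packets are dropped at the customer-facing edge.

```python
import ipaddress

# Constructed sample data: customer-facing interfaces and the prefixes the
# provider assigned to each (documentation ranges from RFC 5737 / RFC 3849).
ASSIGNED_PREFIXES = {
    "cust-a": ["192.0.2.0/25"],
    "cust-b": ["198.51.100.0/24", "2001:db8:b::/48"],  # dual-stack customer
}

def build_table(assigned):
    """Parse prefix strings once so the per-packet check stays cheap."""
    return {ifname: [ipaddress.ip_network(p) for p in prefixes]
            for ifname, prefixes in assigned.items()}

def ingress_verdict(table, ifname, src):
    """Return ("forward" | "drop", reason) for a packet arriving on ifname."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop", "unparseable source address"
    prefixes = table.get(ifname)
    if prefixes is None:
        return "drop", "no prefixes assigned to interface"  # default deny
    for net in prefixes:
        # Only compare within the same address family (IPv4 vs IPv6).
        if addr.version == net.version and addr in net:
            return "forward", f"source within {net}"
    return "drop", "source outside assigned prefixes"

def filter_packets(table, packets):
    """Apply the check to (interface, source) pairs, grouped by verdict."""
    result = {"forward": [], "drop": []}
    for ifname, src in packets:
        verdict, reason = ingress_verdict(table, ifname, src)
        result[verdict].append((ifname, src, reason))
    return result

# Constructed sample traffic.
SAMPLE_PACKETS = [
    ("cust-a", "192.0.2.10"),     # inside cust-a's /25
    ("cust-a", "192.0.2.200"),    # same /24, but outside the assigned /25
    ("cust-a", "203.0.113.7"),    # address that belongs to another network
    ("cust-b", "2001:db8:b::1"),  # inside cust-b's IPv6 prefix
    ("cust-b", "192.0.2.10"),     # cust-a's address arriving from cust-b
    ("cust-c", "198.51.100.5"),   # interface with no assignment on record
]

if __name__ == "__main__":
    out = filter_packets(build_table(ASSIGNED_PREFIXES), SAMPLE_PACKETS)
    for verdict, rows in out.items():
        for ifname, src, reason in rows:
            print(f"{verdict:7} {ifname:7} {src:15} {reason}")
```

Because the decision depends on the interface a packet arrives on, the same source address is forwarded from one customer port and dropped from another.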
Many products and services exist to specifically protect large networks from DDoS attacks and stop network resources from being drawn on to amplify attacks.
Individual site owners can also purchase DDoS protection from a wide range of vendors at different price points, including free plans, such as the starter plan offered by Cloudflare.
There is also a wide range of resources freely available online, such as this site’s dictionary of DDoS. Arbor Networks and Imperva Incapsula both also offer a wide-ranging set of resources related to DDoS, including definitions of different related topics.
Similarly, there is a wide range of cyber attack maps available online, including Kaspersky and Digital Attack Map (powered by Arbor Networks and created partially with Google Ideas). Kaspersky’s “Cyberthreat Real-Time Map” claims it shows attacks worldwide taken from on-demand and on-access scans, in addition to web and email detections. The Digital Attack Map from Arbor Networks focuses exclusively on DDoS attacks. It tracks the attacks with data gathered from Arbor’s ATLAS threat intelligence system, which is sourced from over 300 ISP customers and 130 Tbps of worldwide traffic. The map allows you to visualize DDoS attacks and filter them by size and type.
There are also various kinds of meet-ups between security professionals in which best practices can be exchanged and learned, for instance the Internet2-sponsored Security Working Group. The group is made up of around 100 network experts who regularly exchange ideas for the best ways to mitigate volumetric DDoS attacks at conferences such as the Global Summit and Technology Exchange.
Volumetric network attacks have been the focus of the Network Services Security Team, which has been working to coordinate a community-wide R&E Security Working Group to understand different kinds of volumetric and multi-vector DDoS attacks, gain an insight into the impact on operations and availability of resources, and specify defensive solutions that can be engaged when attacks do occur. The action plan they recommend most strongly is “to leverage a multifaceted approach involving filtering and scrubbing, crafted in a manner to either supplement existing deployments of DDoS detection and mitigation products by regional networks and campuses, or to provide coverage for members that do not already have a solution in place”.