Frankfurt am Main, 10 February 2020: The operator of the world's largest Internet exchange (IX) DE-CIX in Frankfurt, together with an international team of scientists, has published a study which for the first time examines the effects of DDoS (Distributed Denial of Service) attacks and the effects of police countermeasures – with alarming results. For example, it was found that any Internet user can order and have cyber attacks carried out for less than 20 US dollars. A measurement infrastructure was set up specifically for this study and DDoS attacks were purchased from DDoS service providers (so-called “booter” websites), in order to attack the company’s own system. The research team also analysed the effects of the international police measures of December 2018 against DDoS service providers. In this regard, 15 booter websites were taken off the net as part of an action by the FBI and the Dutch police, unfortunately without any lasting success. The project involved researchers from DE-CIX, BENOCS GmbH, Brandenburg Technical University Cottbus-Senftenberg, University of Twente, and the Max Planck Institute for Computer Science in Saarbrücken.
“We were unable to record a sustained improvement in the security situation with regard to DDoS activities on the Internet as a result of the police countermeasures of December 2018. After about 6 days, the frequency of attacks was already back to the old level of an average of fifty NTP (Network Time Protocol) DDoS attacks per hour – the measures had caused a drop to thirty attacks per hour,” says Dr. Christoph Dietzel, responsible for Research and Product Development at DE-CIX.
“Further analyses at the world's largest Internet node DE-CIX in Frankfurt revealed that DDoS attacks against thousands of targets on the Internet occur at any time of day or night. Interestingly, we found out that only about 20% of the traffic of an attack goes through our IX in Frankfurt. In this case, one could conclude that the 311 Gbps attack we observed was five times as large at the target and therefore had an actual traffic rate of 1.555 Tbps – so the attack traffic at the target could often be significantly larger than our measurements show. Attacks of this kind can lead to both financial damage and damage to the company’s image and can threaten the very existence of companies. That is why we will continue to conduct further research to combat this cybercrime in the future,” Dietzel continued.
The focus of the new research project, which is funded by the German Federal Ministry of Education and Research (BMBF), is on artificial intelligence technologies and how they are suited to detect DDoS attacks directly at the core of the Internet, at the Internet exchange, and to develop new, effective protective measures. The project runs until June 2022.
Order Internet attacks online at a low price – easier than expected
Booter websites act as online service providers and enable every Internet user to carry out attacks against known Internet platforms – with just a few mouse clicks and for very little money. Because this is so easy, Internet services are increasingly falling victim to DDoS attacks. The aim of the attacks is to disrupt the availability of Internet services and websites: the attack consumes more of a computer system's resources (e.g. computing power or transmission capacity) than are available in total, so that the corresponding service collapses and is no longer accessible to the public.
DE-CIX has an internal research team: In close cooperation with industrial and academic partners, the Research and Development team is continuously working to find novel technical possibilities and solutions that will further drive innovation in the market segment and the development of a next generation IX. This also includes public sector projects financed by third-party funds. Currently, the focus is on the detection and containment of DDoS attacks, programmable computer networks (P4/SDN), and the improvement of inter-domain routing.
Title of the graphic: Selected DDoS attacks at the Internet node DE-CIX. From the study “DDoS Hide & Seek: On the Effectiveness of a Booter Services Takedown.”