On December 5, 2012, Public Interest Registry, the nonprofit operator of the .ORG to-level domain and long-term advocate for collaboration, safety and security on the Internet, moderated an expert panel on “Mitigating DDoS Attacks: Best Practices for an Evolving Threat Landscape.” Distributed Denial of Service (DDoS) attacks are deliberate attempts to make Internet-connected machines or networks unavailable to their intended users by temporarily or indefinitely interrupting DNS services. Unfortunately, they are an all-too-common reality across today’s Internet as witnessed by the recent onslaught against US banks and persistent attempts to disrupt business, civil society, and government services providers.
Whether the attacks are motivated by criminal intent or as an extreme form of free expression, the resulting service disruptions can have wide-ranging negative effects. The panel, which included representatives from Symantec, Afilias, Google, Neustar, VeriSign and the Electronic Frontier Foundation, explored DDoS trends, how targeted entities address such attacks, and unintended consequences from both the threats and the responses. The panel debated mitigation options, who bears responsibility for “doing something” about DDoS attacks, and the challenges of working together to confront this global dilemma.
While there was agreement that no “silver bullet” exists to thwart DDoS attacks, the panelists did offer a number of recommendations. They also recognized the need for greater awareness of the problem and how to deal with it. A survey commissioned by Public Interest Registry
before the event indicated that 85 percent of Americans are uninformed or ill-equipped to deal with DDoS attacks; anecdotal evidence strongly suggests that this is a worldwide challenge. Ultimately, industry, government and civil society will need to collaborate more or continue to be victimized by DDoS attacks.
A recording of the event is available here
. Public Interest Registry will make available a transcript of the session, and the video soon will be captioned. We also plan to make anti-DDoS materials available on our website, and encourage interested parties to contact us about additional resources.