Nowadays, consumers and businesses are becoming increasingly dependent on public internet services like online banking, government sites, credit card sites, etc. Such a dependency increases the requirements on the constant availability of the sites hosting these services. Unavailability, for example, can cause harm to the economic society. Consumers may lose their trust in these internet based services, which may impact the economy.
Unavailability of these services may be caused by malfunctioning of the network, malfunctioning of servers hosting the services, malfunctioning of the services themselves, and attacks on these services by third parties. One of the possible attack types is (Distributed) Denial of Service, DDoS. A DDoS comprises an attempt to temporarily or indefinitely interrupt or suspend services of a server connected to a public network, such as the internet.
A DoS attack is performed from a single source to flood a targeted server with so much (bogus) traffic or queries that this server becomes unable to operate in a normal manner, and a DDoS attack is essentially the same type of attack, but then performed simultaneously from multiple sources.
The symptoms of a DDoS attack comprise, amongst other, slow or unresponsive network performance, unresponsive or unavailable applications and/or services.
In the case of a DDoS attack on a particular internet service, one form of protection is, currently, to temporarily block specific or all incoming and outgoing IP traffic for, at least, that service in question. Such a blocking is activated by the firewall of the server/host of that service as soon as a DDoS attack is detected or suspected.
An internet service may relate to Simple Mail Transfer Protocol email, SMTP, Hypertext Transfer Protocol, HTTP, File Transfer Protocol, FTP, Voice over IP, VoIP, etc.
Unavailability of the internet service may also be caused by problems in, for example, specific IP routers or DNS servers of the public internet, an error condition in the IP infrastructure of an Autonomous System (AS) that the IP server is connected to, etc. Result of the unavailability of the server, regardless of the cause of the unavailability, is that consumers and businesses are not able to access the internet service.
The protection advocated by the prior art, i.e. to temporarily block specific or all incoming and outgoing IP traffic once a DDoS attack is detected, protects the IP server and the service provided, but it does not provide for a solution to the unavailability aspect. The IP server and/or the provided service will still be unavailable at least during the DDoS attack.