New version of the DDoS Clearing House core components
The next round of improvements to get it deployed
Chose your color
Frequently visited
Frequently asked questions
The Whois is an easy-to-use tool for checking the availability of a .nl domain name. If the domain name is already taken, you can see who has registered it.
On the page looking up a domain name you will find more information about what a domain name is, how the Whois works and how the privacy of personal data is protected. Alternatively, you can go straight to look for a domain name via the Whois.
To get your domain name transferred, you need the token (unique ID number) for your domain name. Your existing registrar has the token and is obliged to give it to you within five days, if you ask for it. The procedure for changing your registrar is described on the page transferring your domain name.
To update the contact details associated with your domain name, you need to contact your registrar. Read more about updating contact details.
When a domain name is cancelled, we aren't told the reason, so we can't tell you. You'll need to ask your registrar. The advantage of quarantine is that, if a name's cancelled by mistake, you can always get it back.
One common reason is that the contract between you and your registrar says you've got to renew the registration every year. If you haven't set up automatic renewal and you don't renew manually, the registration will expire.
Wanneer je een klacht hebt over of een geschil met je registrar dan zijn er verschillende mogelijkheden om tot een oplossing te komen. Hierover lees je meer op pagina klacht over registrar. SIDN heeft geen formele klachtenprocedure voor het behandelen van een klacht over jouw registrar.
Would you like to be able to register domain names for customers or for your own organisation by dealing directly with SIDN? If so, you can become a .nl registrar. Read more about the conditions and how to apply for registrar status on the page becoming a registrar.
The next round of improvements to get it deployed
SIDN Labs and SURF have released a new version of the DDoS Clearing House in a Box, a system that enables network operators to automatically share details of the DDoS attacks they handle, in the form of ‘DDoS fingerprints’. In this blog, we briefly outline our improvements and how they contribute to the trials we’ll be carrying out in the Netherlands and Italy.
SIDN and SURF are proud to be part of the Dutch Anti-DDoS Coalition as well as of the CONCORDIA project, where we work on mechanisms and tools that enable service providers to handle DDoS attacks more proactively. Both projects involve numerous organisations including governments, internet providers, internet exchanges, academic institutions, non-profit organisations and banks. An important building block in both projects is the DDoS Clearing House, a shared system that enables participating service providers to automatically share the characteristics of DDoS attacks they handle in the form of so-called ‘DDoS fingerprints’. The tenet here is that to be forewarned is to be forearmed. Sharing DDoS fingerprints with other participants warns them that new attacks may be underway and extends the DDoS mitigation services that participants already have in place, such as scrubbing services like the NaWas. Comparing attacks currently in progress with attacks whose details are already recorded in the Clearing House can also provide pointers as to the best way to mitigate ongoing attacks. Recent developments show that DDoS attacks are still very much an issue and - more worryingly - are increasing in size, making our work with the DDoS Clearing House all the more relevant and pressing.
Figure 1: Clearing House overview. We have been working on the DDoS Clearing House since the beginning of 2019, during which time various milestones have been reached, such as:
Legal agreements in order to share DDoS fingerprints between partners (developed by the Dutch Anti-DDoS Coalition)
DDoS drills performed against a monitored infrastructure (carried out by the Dutch Anti-DDoS Coalition)
Software specification and prototype development (carried out in both projects at the same time)
We provided a much more extensive description of the Anti-DDoS coalition and the DDoS Clearing House as well as our goals and experiences in a three-part series of blog posts on the CONCORDIA website published earlier this year:
The software components are run locally by groups of service providers who collaborate to fend off DDoS attacks, such as the members of the Dutch Anti-DDoS Coalition. Figure 2 shows that each service provider (called a “collaborator”) will have their own local fingerprint database, called DDoSDB. Their operations teams decide what fingerprints to share with the central repository, which runs at a neutral location and aggregates DDoS fingerprints from all the collaborators.
Figure 2: Clearing House core software components.
Dissector: is the software responsible for analysing network traffic (pcap) and extracting attack characteristics. This new release incorporates new statistical methods that make the process of generating fingerprints smoother and faster.
DDoSDB: is the repository responsible for getting DDoS fingerprints and sharing them among the partners. We have developed new visualisation pages and improved the software stability. We have also added the ability to annotate fingerprints to provide additional (human-readable) information about the fingerprints themselves or the attacks they represent. Annotations can be made or edited by the submitter of the fingerprint or the administrator of the DDoSDB.
DDoSDB in a Box: is a virtual machine where we place all the components together and configure them. The goal is to make it easy to test the software and to go through the whole cycle of DDoS processing. In addition, the DDoSDB in a Box concept makes it easier to operate the Clearing House in a distributed mode, eventually perhaps without the central DDoSDB instance. The new version of the software is already available and now also has an automatic software upgrade in place, meaning that instances of DDoSDB in a Box are automatically upgraded when new software component releases become available. That in turn allows users of the virtual machine to keep their systems (and databases) up and running using the latest software version.
Last but certainly not least, we have cleaned up the repositories and improved the documentation that goes along with them. That is especially important for people just trialling or starting to use the DDoS Clearing House and its components. For developers wanting to contribute to the components, the improved development guidelines provide clear instructions on how to set up an instance on their own development system. We also have several screencasts showing how to run the software components.
We are happy with the results secured so far, and along the way have gotten a better understanding of all the things we still need (and want) to improve. That is why we are sharing details with the community and encouraging people to try it out for themselves and for developers to contribute. You can find our software at https://github.com/ddos-clearing-house.
SIDN and SURF were partly funded by the European Union’s Horizon 2020 Research and Innovation program under Grant Agreement No 830927. Project website: https://www.concordia-h2020.eu/
Article by:
Share this article