Push the button: Our updated DDoS testbed in action at CONCORDIA Open Door 2022
Visit our booth at the event
In one of our previous blogs, we introduced the testbed we developed for the DDoS Clearing House and described how we used it to pilot the system in a realistic environment. Over the past months, we have improved the testbed and will demonstrate it working as part of the CONCORDIA Threat Intelligence Platform at the CONCORDIA Open Door event (COD2022) in Munich in October. This blog brings you up to date with the latest changes to the testbed and our plans for COD2022, and invites you to visit our booth to see the platform in action.
The DDoS Clearing House is a system that enables organisations to share measurements of the DDoS attacks they handle in the form of so-called “DDoS fingerprints”. The Clearing House widens these organisations' view of the DDoS attack landscape, enabling them to prepare their networks for such attacks or make better decisions as to what third-party mitigation services to purchase. The DDoS Clearing House is an additional layer of security that complements DDoS mitigation services, which organisations need to have in place to handle actual DDoS traffic.
An Anti-DDoS Coalition (ADC) is a group of organisations committed to the common goal of improving the resilience of the services that group members offer to their users, by fighting DDoS attacks on a cooperative basis. The members of an ADC pursue that common goal through three types of activity: sharing DDoS fingerprints through the ADC’s DDoS Clearing House, collaboratively carrying out large-scale DDoS drills to test members’ DDoS readiness, and sharing DDoS expertise.
Last year, we set up a testbed to test the DDoS Clearing House in a simulated environment that is representative of a production scenario (see video). The testbed allows us to experiment with new versions of the Clearing House components, avoiding having to meddle in operational systems of existing anti-DDoS coalition members, and avoiding the cost of setting up data sharing agreements for exchanging real DDoS information. (Of course, such agreements do need to be in place for the production version.)
In short, the testbed consists of a traffic generator, capable of sending simulated DDoS traffic to a test network, and a virtual anti-DDoS coalition, connecting participating CONCORDIA partners. The traffic generator is made up of five virtual machines distributed throughout the world, to resemble a botnet. An online dashboard enables easy interaction with the traffic generator.
Figure 1: The testbed dashboard, introducing new attack types
In the past months, we have updated the testbed in two respects. First, we improved its automation using Ansible, a popular automation language. With Ansible, the virtual machines that make up the “botnet” of the traffic generator can be managed with simple configuration files, ensuring every virtual machine is set up the same way. It also improves the way instructions are sent from the dashboard to the pseudo-botnet.
Second, we have introduced more attack types to the testbed. Previously, the testbed used hping3 to generate roughly identical packets and send them to the target in a steady stream, restricting it to Layer 3 and Layer 4 attacks. By integrating popular open-source DDoS testing tools into the testbed, we can now also test the DDoS Clearing House with different kinds of Layer 7 DDoS attacks.
We incorporated the following DDoS tools:
HTTP Unbearable Load King (HULK): attempts to overload the target with many concurrent HTTP GET or POST requests, using random User Agent headers.
Goldeneye: exploits the HTTP Keep Alive and No Cache attack vectors to quickly occupy a target’s resources.
Slowloris: creates many HTTP requests and sends headers periodically to keep the connections open. By never closing the connections it exhausts the target’s thread pool, rendering it unable to respond to legitimate users. It uses very little bandwidth.
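The three behaviours described above, seen from the target's side: the following added example (not code from the testbed or the DDoS Clearing House) labels each source in a set of constructed connection records by the pattern it shows. The record fields, thresholds and sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, namedtuple

# Hypothetical per-connection record as a web server or proxy could log it.
Conn = namedtuple("Conn", "src open_s headers_done requests user_agents no_cache keep_alive")

def make_sample():
    """Constructed sample traffic: three abusive sources and one normal client."""
    conns = [Conn("198.51.100.7", 300, False, 0, frozenset(), 0, False) for _ in range(40)]
    conns += [Conn("198.51.100.8", 1, True, 1, frozenset({f"UA-{i}"}), 0, False) for i in range(200)]
    conns += [Conn("198.51.100.9", 20, True, 50, frozenset({"UA-x"}), 50, True) for _ in range(10)]
    conns += [Conn("192.0.2.10", 5, True, 12, frozenset({"Mozilla/5.0"}), 1, True) for _ in range(3)]
    return conns

def classify(conns, slow_s=60, slow_min=20, req_min=100, ua_min=50, no_cache_ratio=0.9):
    """Label each source by the layer 7 pattern its connections show (thresholds are assumptions)."""
    stats = defaultdict(lambda: {"stalled": 0, "requests": 0, "ka_requests": 0, "no_cache": 0, "uas": set()})
    for c in conns:
        s = stats[c.src]
        # Slow-header pattern: connection held open long without completing its request headers.
        if not c.headers_done and c.open_s >= slow_s:
            s["stalled"] += 1
        s["requests"] += c.requests
        s["no_cache"] += c.no_cache
        s["uas"] |= c.user_agents
        if c.keep_alive:
            s["ka_requests"] += c.requests
    verdicts = {}
    for src, s in stats.items():
        flood = s["requests"] >= req_min
        if s["stalled"] >= slow_min:
            verdicts[src] = "slow-header"                # Slowloris-like: many stalled connections
        elif flood and len(s["uas"]) >= ua_min:
            verdicts[src] = "rotating-user-agent flood"  # HULK-like: many requests, random User-Agent
        elif flood and s["ka_requests"] == s["requests"] and s["no_cache"] / s["requests"] >= no_cache_ratio:
            verdicts[src] = "keep-alive no-cache flood"  # GoldenEye-like: Keep-Alive plus no-cache
        else:
            verdicts[src] = "normal"
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(classify(make_sample()).items()):
        print(src, verdict)
```

The slow-header source is caught by connection count alone, which matches the description above: it sends no complete requests and uses very little bandwidth, so request-rate or volume thresholds would miss it.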
We remain on the lookout for more DDoS tools to add to the testbed to keep improving its versatility. The user interface remains practically the same, with an extra option to select the attack type and some visual changes (see Figure 1).
The DDoS Clearing House is part of the CONCORDIA Threat Intelligence Platform, together with the Incident Clearing House and MISP. The platform supports informed cybersecurity decision-making by connected organisations, by providing information about attack techniques, indicators of compromise, and vulnerabilities. The process is collaborative in that all organisations on the platform contribute insights and data, and it is based on real-world datasets.
We have developed a demonstrator that showcases the new platform in a cooperative and interactive demonstration. The demo shows three components of the Threat Intelligence Platform working together (the updated DDoS Clearing House testbed, MISP, and the Incident Clearing House) and walks through the hypothetical scenario shown in Figure 2.
Figure 2: Scenario for the Open Door demonstration of the CONCORDIA Threat Intelligence Platform
In the scenario, the CONCORDIA Threat Intelligence Platform is used by two partners, drawn in Figure 2 as servers P1 and P2. P1 is infected with malware and is now part of a botnet, capable of sending various DDoS attacks.
Using the botnet, the attacker starts a DDoS attack on the unsuspecting second partner, P2. The target collects traffic samples of the incoming DDoS attack for use by the DDoS Clearing House. The Dissector component uses the DDoS traffic samples to generate a DDoS fingerprint summarising the attack. It then automatically uploads the fingerprint to the DDoS-DB, which enables other members of the virtual ADC to obtain the fingerprint as well.
At the same time, a central MISP instance synchronises with the DDoS-DB to receive the newly uploaded fingerprint and stores it as a DDoS event. The Incident Clearing House uses the newly created DDoS event in MISP to enrich the incident report and send it to the compromised partner (P1), which is one of the sources of the attack. The Incident Clearing House can then also update the sightings of the incident in MISP.
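To make the fingerprint step of this scenario concrete, here is an added sketch (not the Dissector's algorithm and not the Clearing House's fingerprint format) that summarises a constructed packet sample by its dominant field values, then lets another member check its own traffic against the shared summary. The field names, the 80% threshold and the sample packets are assumptions.

```python
from collections import Counter

FIELDS = ("proto", "dst_port", "length")  # hypothetical packet attributes

def matches(fp, packet):
    """True if the packet agrees with every field value recorded in the fingerprint."""
    return all(packet[k] == fp[k] for k in FIELDS if k in fp)

def fingerprint(packets, share=0.8):
    """Keep a field only if one value accounts for at least `share` of the sample."""
    if not packets:
        raise ValueError("empty traffic sample")
    fp = {}
    for field in FIELDS:
        value, count = Counter(p[field] for p in packets).most_common(1)[0]
        if count / len(packets) >= share:
            fp[field] = value
    # Sources are taken only from packets that match the dominant values,
    # so background traffic captured in the same sample is left out.
    fp["sources"] = sorted({p["src"] for p in packets if matches(fp, p)})
    return fp

def match_share(fp, packets):
    """Fraction of a member's own traffic sample that matches a received fingerprint."""
    return sum(matches(fp, p) for p in packets) / len(packets)

def sample():
    """Constructed capture at the target: 90 attack packets mixed with 10 legitimate ones."""
    attack = [{"src": f"198.51.100.{i % 3 + 1}", "proto": "UDP", "dst_port": 53,
               "length": 512 if i % 2 else 1024} for i in range(90)]
    legit = [{"src": "192.0.2.10", "proto": "TCP", "dst_port": 443,
              "length": 60 + i} for i in range(10)]
    return attack + legit

if __name__ == "__main__":
    fp = fingerprint(sample())
    print(fp)                         # packet length is dropped: no single value dominates
    print(match_share(fp, sample()))  # share of the capture the fingerprint describes
```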
We will present our interactive demonstration of the DDoS Clearing House at the CONCORDIA Open Door event (COD2022) and show how our work can interact with the CONCORDIA Threat Intelligence Platform. Other CONCORDIANs will also showcase the results they obtained over the past year at COD2022 to both project partners and other interested stakeholders. CONCORDIA ends at the end of this year and so this will be the last edition of COD. It takes place on 26 and 27 October in Munich, Germany.
Did we mention the demo is live and interactive? We're therefore inviting you to join us at the demo stand in Munich, where you'll be able to use the DDoS testbed to craft a DDoS attack and push the Big Red Button to launch it. Because you will be kicking off the chain of actions described above, you will receive a copy of the incident report; better not let Interpol find out!
You can find more information about the CONCORDIA Open Door event here. If you are interested in more information about the DDoS Clearing House, anti-DDoS coalitions, or the Incident Clearing House, see the additional resources linked at the end of this blog, or simply drop us an e-mail.
DDoS Clearing House source code: https://github.com/ddos-clearing-house
Recent blogs:
Reducing the economic impact of DDoS attacks through anti-DDoS coalitions
Developing and running a testbed for the DDoS Clearing House
Video of the testbed: https://www.youtube.com/watch?v=UwRB74kabn8
This work was partly funded by the European Union’s Horizon 2020 Research and Innovation programme under Grant Agreement No 830927. Project website: https://www.concordia-h2020.eu/.