Reducing the economic impact of DDoS attacks through anti-DDoS coalitions

Joining an anti-DDoS coalition is a win for all

Authors: Abhishta Abhishta (1), Cristian Hesselman (1, 2), Laura Spierdijk (1), Jan-Willem Bullee (1)

Affiliations: (1) University of Twente, (2) SIDN Labs

An anti-DDoS coalition is a group of organisations that aims to jointly increase the availability of their services by fighting DDoS attacks on a collaborative basis. In this blog, we will briefly discuss the economic benefits for coalition members, such as those participating in the Dutch Anti-DDoS Coalition. We point readers to this blog for more details on the key activities of an anti-DDoS coalition (joint large-scale DDoS drills, automatic sharing of the metadata of DDoS attacks, and knowledge exchange).

DDoS attacks are a risk for digital societies

The internet has become a critical resource for most of us and is crucial for our modern digital society. For example, during the Covid lockdowns of 2020 and 2021, online services played a huge role in keeping the economy functional. At the same time, however, cybercriminals continually attempt to disrupt such services by launching distributed denial of service attacks (commonly known as DDoS attacks) against them. Examples of high-impact DDoS attacks include those against DNS operator Dyn (2016), the attacks on banks and government institutions in the Netherlands (early 2018), and on the operator of Belgium’s national research and education network (May 2021). For an individual, the unavailability of the internet brings their online life to a standstill. For an organisation, it may severely impact their business. For example, it can lead to the unavailability of data and delays to essential bank transactions, and can even have a lasting impact on business processes. For firms that are heavily dependent on Cloud services, a DDoS attack on those services can be catastrophic. Recent outages such as the ones with CDNs like Fastly have highlighted the importance of the availability of such third-party services for businesses that depend on them.

Benefits to attackers

Cyber criminals use DDoS attacks for a variety of reasons that may or may not involve direct monetary gain. For example, the book “The Coming Swarm – DDoS Actions, Hacktivism, and Civil Disobedience on the Internet” discusses the role of DDoS attacks as acts of civil disobedience. When attackers wish to engage in civil disobedience, their primary aim is to get the attention of relevant authorities (e.g. governments). DDoS attacks can also be used for revenge, and some attackers do it for the “intellectual challenge”. The most recent development involves criminals using DDoS attacks as part of ransomware campaigns to “hijack” the availability of their targets' services.

Economic impact on victim organisations

The economic impact of DDoS attacks on victim firms can be broadly divided into defence costs, indirect losses and direct losses.

Defence costs are defined as the monetary equivalent of prevention efforts. These are costs that are incurred in anticipation of an attack. They include investment in on-site DDoS appliances, traffic monitoring facilities and scrubbing services such as the NaWas, amongst other things. If an organisation invests in DDoS protection facilities and a DDoS attack still succeeds, then these costs can be considered to be losses. For example, the Dyn DDoS attack of 2016 resulted in an increase in defence costs for organisations that had become unavailable due to that attack.

Indirect losses are the monetary equivalent of the losses and opportunity costs imposed on society by the fact that a given cybercrime is carried out. One of the indirect losses due to a DDoS attack can be a change in investor perception of the market value of a victim firm (in other words, an impact on the stock price). Public reports of successful DDoS attacks can even have a damaging impact on the customer perception of a brand. Survey-based studies have shown that DDoS attacks are likely to damage customer trust and confidence.

Direct losses are defined as the monetary equivalent of losses, damages or other problems suffered by the victim because of an attack. For example, in the case of an internet-based service provider (e.g. a hosting provider or DNS service provider), customers of the victim might (permanently) move to an alternative provider due to service unavailability. Also, a web-based business may lose online sales due to a successful DDoS attack on its platform. A portion of the direct losses may consist of criminal revenue, which is the monetary equivalent of the gross receipts from a DDoS attack. For example, there have been instances when organisations were forced to pay ransoms to stop attackers from DDoSing them.

The economic impact of Anti-DDoS Coalitions

An Anti-DDoS Coalition is a group of organisations that pool resources to collaboratively fight against DDoS attacks. This strategy not only gives these organisations the capabilities to proactively tackle large attacks, but also reduces the economic impact of DDoS attacks in terms of reduced direct losses, indirect losses and defence costs. Figure 1 illustrates how the Dutch Anti-DDoS Coalition contributes to lowering such costs through their three key activities: joint large-scale DDoS drills, sharing of metadata about DDoS attacks through the DDoS Clearing House, and knowledge exchange.

Figure 1: Model of how the activities of the Dutch Anti-DDoS-Coalition contribute to reducing the cost of DDoS attacks for members.

The coalition’s large-scale collaborative DDoS drills contribute to reducing the vulnerability and potential losses for coalition members. They do so because participating in DDoS drills helps coalition members to understand which of their systems are more prone to failure in the event of a DDoS attack. Based on that experience, they can devise a more solid mitigation plan for countering attacks before they actually occur. That increases coalition members' preparedness as well as the trust that customers have in the members' services.

The DDoS Clearing House is an automated system for sharing the fingerprints of ongoing and past DDoS attacks that members have encountered. It helps other members to proactively filter DDoS anomalies in network traffic with greater efficiency if they get hit by the same attack, thus further lowering participating organisations' vulnerability to DDoS. The DDoS fingerprints also define DDoS attacks in distinctive terms, which significantly helps to increase the prospect of attacker apprehension by law enforcement services, thus reducing the threat of DDoS attacks.

Like the DDoS Clearing House, the knowledge sharing activities of the Dutch Anti-DDoS Coalition give individual members greater insight into attack trends, enabling them to proactively plan their investment in DDoS protection. Knowledge sharing may also help to deter attackers from targeting coalition partners, because attacks are less likely to be successful as a result of coalition members working together.

The Coalition's three activities are essentially cybersecurity interventions, aimed at reducing the chance of a DDoS attack (i.e. reducing the threat), reducing the probability of an attack succeeding (i.e. reducing the vulnerability of a potential victim), and reducing the potential losses. Addressing those three variables in turn contributes to lowering the costs that a member may incur due to a DDoS attack (direct, indirect, defence).

Joining an anti-DDoS coalition is a win for all

We argue that members of an anti-DDoS coalition directly and indirectly benefit economically from its activities, which might be an additional incentive for organisations to join. In the future, cyber-insurance companies could further increase the economic impact, for instance by covering the losses of DDoS attacks on organisations if they are members of anti-DDoS coalitions. An anti-DDoS coalition therefore not only improves the availability of online services for society, but also provides economic benefit for members. That’s a clear win for all, and all the more reason to join the initiative here in the Netherlands.

Future work

According to present estimates, the losses caused by DDoS attacks can range from solely non-monetary losses to losses in the thousands of euros. This depends on several factors, such as the type and size of the victim organisation and the severity of the attack. Research to understand and measure the influence of these factors on the losses realised by the victim is currently underway as part of the MASCOT project. We will keep you updated about the results in future blogs!

Acknowledgements

SIDN and the University of Twente are members of the Dutch Anti-DDoS Coalition, a self-funded public-private initiative to collaboratively protect members and the wider internet community from DDoS attacks. Website: https://www.nomoreddos.org/en/. This work was partly funded by the European Union’s Horizon 2020 Research and Innovation programme under Grant Agreement No 830927. Project website: https://www.concordia-h2020.eu/.