​​GÉANT community working group​s initiate DDoS
focused security collaboration

17 November 2015 | Amsterdam, Netherlands


GÉANT recognises the continually growing need for security threat mitigation and for international and cross-discipline collaboration to support the research and education networking community in this work. A recent workshop about DDoS (distributed denial of service) mitigation, has sparked plans for international collaboration in this area.


More than 50 representatives of 24 organisations from around the world discussed a wide range of issues concerning DDoS and how to manage security processes for national research and education networking organisations (NRENs).


The two-day DDoS mitigation workshop was hosted by ACOnet at the University of Vienna on 10-11 November, and was initiated by several GÉANT community working groups: SIG-NOC​ (special interest group on network operation centres), SIG-ISM​ (information security management), TF-CSIRT (task force on computer security incident response teams) and TF-MSP (management of service portfolios). Each of these had seen the subject of DDoS mitigation arise within their group meetings and organised the workshop together in order to explore current DDoS mitigation solutions and identify goals for future service solutions and information sharing to support the NREN community and its customers.      


Current issues

Common issues raised during the workshop included the need for well-developed business case documents for DDoS mitigation, as the value of this generally expensive service is often not seen until an attack takes place. Another important point was the potential for joint procurement of mitigation services. Attendees also agreed that work on open-source and homegrown solutions is necessary to ensure that NRENs can have access to affordable approaches to the DDoS mitigation problem. A closed discussion list has been created to follow up on the meeting.  

Request access to the closed DDoS discussion list.


A growing c​​oncern

DDoS is a type of denial of service (Denial of Service) attack, in which networks or systems are flooded with useless traffic by attackers in an attempt to make a service unusable or to force an organisation to take a service out of use. The distributed nature of DoS means that multiple source addresses can participate in the attack, which makes it difficult to identify and mitigate the effects. Although DDoS attacks on universities and other educational institutions are currently not very common, it is a growing concern. 


Mitigation appr​​oaches

The majority of attacks in the research and education environment are simple OSI/ISO Layer 2-4 attacks, mostly initiated by students. 'Black-holing' is the easiest solution, but this cuts customers off the network completely. More sophisticated 'traffic washing' can be used against complex Layer 4-7 attacks, but this technique is not widely used.

The biggest impact of a DDoS attack would be if the NRENs’ upstream connectivity went down. As GÉANT provides ever more peering services, NRENs are increasingly looking to GÉANT to serve as their upstream provider. Firewall-on-demand and a three-step filtering architecture helps GÉANT to mitigate attacks in the pan-European backbone network.

More inform​​​ation

The DDoS workshop forms part of the growing security support provided through GÉANT, joining the recent highly successful WISE workhop, the well-established SIG-ISM and TF-CSIRT groups, and services such as the Trusted Certificate ServiceTrusted Introducer and TRANSITS training.


This growing focus on collaborative approaches to security echoes developments happening across internet intitatives, as described by ISOC in the 2015 whitepaper Collaborative Security, An approach to tackling Internet Security issues.​