Predicting and mitigating DDoS-attacks

It is all about predicting from which networks a possible DDoS-attack comes from and then route that bad/naughty traffic to a separate small port. We predict this by looking at how many incorrectly configured servers are present in a certain network. When there are more servers that are incorrectly configured, the higher the chance is that these will be misused during a DDoS-attack.

The information about incorrectly configured servers in a network is publicly available. We have a partnership for that with a not-for-profit organisation named ShadowServer.org. And each ISP can request their own specific data from them, in order to inform their own customers. At A2B Internet we analyse the global aggregated information per ISP network and put that in a huge database. We created a specific rating to the number of incorrectly configured servers in a network together with the size of the network in IP addresses / customers and use that rating for our peering decisions to build our network.

Based on this information we route undesired/naughty traffic for a network with a high naughty rating to a separate small port on the internet exchange or even deny them to peer with us or exchange traffic via the Internet Exchange to our customers.