New DDoS Protection Service Makes Servers Harder to Attack by Turning Them Into Moving Targets

By Daniel Zo

Tags: DDoS protection, DDoS, MOTAG

During the last couple of years, Distributed Denial of Service (DDoS) attacks have become much more common because they are cheap and easy to carry out, and they require essentially no effort once a stable script is in place.

For those who do not know, DDoS attacks take advantage of one of the biggest weaknesses of servers: they can only handle a set number of connections or a set amount of traffic at the same time. Attackers flood a server with requests, which in turn either slows sites down or takes them offline completely.

As DDoS attacks become more sophisticated, current DDoS protection services have sometimes proven ineffective. So far, the only way to be immune to these attacks has been to invest an irrational amount of money in server capacity that can handle more traffic than the attackers are capable of throwing at it.

Things are about to change, though. Recent reports indicate that a couple of security researchers from George Mason University have come up with a brand new defensive strategy that has the potential to beat DDoS attacks through a process known as client-server connection shuffling. To put things into perspective, the tool, dubbed MOTAG, allows servers to reliably segregate malicious network traffic from normal traffic. Clients connect to servers normally, but once an attack is detected, the system leverages its excess computing and cloud resources and reassigns clients to different servers according to specific criteria. Simply put, suspicious clients will still get through, but their connections will be significantly slower, which helps prevent a server failure and keeps DDoS attacks out.

According to the George Mason University paper explaining the MOTAG system, "Instantiated server nodes can be classified into two groups: relatively static serving server nodes provide more reliable connection services for known innocent clients, while dynamic shuffling server nodes shuffle (reassign) operations to provide intermittent connections to suspicious clients. During a DDoS attack, MOTAG will replace the shuffling server nodes with new ones and reassign the associated clients to those new nodes."

This means that even if attackers use more advanced techniques to evade detection, such as pretending to be normal users, the incoming flood of traffic will still be noticed, putting the defence service into action.
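The following toy simulation is an added example, not code from the MOTAG paper or its authors; it models the serving/shuffling split quoted above. It assumes that a shuffling node is flooded whenever at least one attacker is assigned to it, and that clients on a node that stays quiet are moved to the static serving nodes (the client IDs, node counts and function names are constructed for illustration).

```python
import random

def shuffle_round(suspects, attackers, n_nodes, rng):
    """One shuffle: spread suspects over freshly instantiated shuffling nodes."""
    pool = sorted(suspects)
    rng.shuffle(pool)
    nodes = [pool[i::n_nodes] for i in range(n_nodes)]  # round-robin split
    cleared, still_suspect = set(), set()
    for members in nodes:
        # Assumption: a node is flooded iff at least one attacker sits on it.
        if any(c in attackers for c in members):
            still_suspect.update(members)   # stays in the shuffling pool
        else:
            cleared.update(members)         # promoted to static serving nodes
    return cleared, still_suspect

def simulate(n_clients=200, n_attackers=10, n_nodes=20, max_rounds=50, seed=1):
    """Return (serving, suspects, attackers, history) for a constructed population."""
    rng = random.Random(seed)
    clients = [f"client-{i}" for i in range(n_clients)]   # constructed sample IDs
    attackers = set(rng.sample(clients, n_attackers))
    serving, suspects, history = set(), set(clients), []
    for _ in range(max_rounds):
        cleared, suspects = shuffle_round(suspects, attackers, n_nodes, rng)
        serving |= cleared
        history.append(len(serving))
        if suspects == attackers:       # every innocent client has been separated
            break
    return serving, suspects, attackers, history

if __name__ == "__main__":
    serving, suspects, attackers, history = simulate()
    print("clients on serving nodes after each shuffle:", history)
    print("left on shuffling nodes:", len(suspects))
```

Because at most 10 of the 20 shuffling nodes can contain an attacker, at least half of the nodes stay quiet in every round, so the pool of suspicious clients shrinks to the attackers alone within a handful of shuffles.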

Unfortunately, the MOTAG system also requires more processing power. However, given the falling cost of computing resources, this technique can be put to use to mitigate DDoS attacks and thus keep servers and their associated websites running at all times.

Based on everything that has been outlined so far, the MOTAG system offers a lot of potential for server operators around the world who wish to stay safe from the harm that DDoS attacks can cause, while also keeping clients satisfied by offering them more networking power.