A patent has been granted to DE-CIX, the operator of the world’s largest neutral Internet Exchange, headquartered in Frankfurt, Germany, for its new “Blackholing Advanced” service. “Blackholing Advanced” reinforces the defense against DDoS (Distributed Denial-of-Service) attacks directly on Internet Exchanges by using numerous individual filtering mechanisms. The patented mechanism significantly limits malicious traffic at the transport layer and port through fine-grain filtering. 

Free of charge, the new service is now available in a beta version for all DE-CIX customers in Frankfurt, Madrid, and New York. Since its inception, the DE-CIX blackholing feature has been used increasingly, and customers have asked to extend its functionalities. 

While always developing new services based on feedback from customers, DE-CIX jointly developed the product requirements for Blackholing Advanced in a “community workshop”. Considering the increase in DDoS attacks, security is an ongoing focus for the company. The opportunity to fully test a beta version, for the first time, “hopes to receive valuable direct feedback,” said Dr. Thomas King, Chief Technology Officer at DE-CIX. “The patent granted for the innovative filter mechanisms is a reward from our years of research.

“The new service will also be offered as a premium variant in the future. Standard Blackholing Advanced is free of charge for DE-CIX customers and includes numerous preset filters. The high-end Freemium version, which is subject to a fee, also offers flexibly customizable filters that can be activated directly by the customer.”

Blackholing Advanced: technical background

The patented mechanism gives customers the ability to filter unwanted DDoS traffic at the transport protocol and port level with fine granularity, and in so doing significantly limits harmful data throughput. Based on this filtering, traffic on the award-winning DE-CIX Apollon platform is either discarded or appropriately limited to protect critical infrastructures on the Internet from DDoS attacks. The fact that DDoS data traffic can not only be blocked but also limited in terms of data throughput means that it is possible to investigate the DDoS attack further in order to initiate appropriate countermeasures. Together with the new DE-CIX blackholing dashboard, this enables precise and informed mitigation of DDoS attacks to completely eliminate the unwanted traffic only.

The feature is not activated by default. If you want to use the Blackholing Advanced feature, please activate the service in the DE-CIX customer portal or learn more by contacting DE-CIX directly here:  www.de-cix.net.