Distributed Denial of Service (DDoS) Protection (Operational network security) – new for 2021 – virtual learning with experts

Distributed Denial of Service (DDoS) Protection – module overview

This is the fourth module of the “Operational network security” training programme delivered by GEANT WP8 Task 1.

Distributed Denial of Service (DDoS) attacks have been the scourge of the Internet over the past 20 years. Although the media attention has waned, they continue to evolve and grow in power, with botnet clients becoming easier to deploy and ever more services being exploited as multipliers for packet floods.

This course will take the participants from an overview of DDoS through details of the most common attacks, and conclude by outlining the ways to detect and mitigate them.


The training is open to all GÉANT members and their member organisations.

Who will benefit from attending this training programme?

  • System/network administrators at NRENs or NREN member organisations
  • System administrators at computing centres or NOCs
  • Broader categories of professionals with an interest in these subjects


Participants should have basic administration knowledge of operating systems and networking.

Distributed Denial of Service (DDoS) Protection – sessions (live online) schedule

All sessions will be recorded and added to the existing playlist. To access the playlist, please click here.

Session title: Introduction to DDoS Attacks – An overview of motivation and modus operandi of attackers
Date/time: 08/02/2021 2 pm CET
Presenter: Tobias Dussa
Click here to access the session recording.
Click here to access the copy of the presentation.

DDoS attacks have been around for more than 20 years now, and over this time they have gained in power, now reaching several terabits in bandwidth, enough to knock ISPs offline. While the actual DDoS attacks have changed very little, the orchestration of the attacks, the deployment of their components and the motives of attackers have evolved.

This course will give the participants an overview of the attacks, the attackers, their motivation and modus operandi.

Session title: Details of selected DDoS Attacks – How the attacks work from a technical perspective
Date/time: 10/02/2021 2 pm CET
Presenter: Klaus Möller
Click here to access the session recording.
Click here to access the copy of the presentation.

While DDoS attacks have become more powerful and easier for attackers to start, the technical details of DDoS attacks have been remarkably consistent over the last 20 years.

This course will provide the participants with an in-depth view of the technical details of the most common DDoS mechanisms, amplification and reflection, and of the services being exploited for them.

Session title: DDoS Detection – How to know if you are under attack or are partaking in an attack
Date/time: 15/02/2021 2 pm CET
Presenter: Klaus Möller
Click here to access the session recording.
Click here to access the copy of the presentation.

The question of how DDoS detection works sounds simple: when you can’t access your systems, you’re under attack. But this may also happen due to technical problems and misconfigurations. And what if you want to detect attacks without being a victim of one?
The course will show participants the various ways in which DDoS attacks are detected on the Internet.

Session title: DDoS Mitigation – What can you do against them?
Date/time: 17/02/2021 2 pm CET
Presenter: Tobias Dussa
Click here to access the session recording.
Click here to access the copy of the presentation.

Mitigating a DDoS attack, particularly a bigger one, seems a daunting task, especially with a determined attacker and when other sites are also affected.
This course will show some simple but proven techniques to combat DDoS attacks and also to avoid unintentionally partaking in one.

Meet the experts

The training programme is delivered by a team of experts in the field:

Klaus Möller, DFN-CERT – Klaus has been working with DFN-CERT since 1999 as an incident responder, advisory writer, and security consultant. He has developed and carried out numerous trainings in network security.

Stefan Kelm, DFN-CERT – Stefan has been working in the field of computer security all his professional life, starting back in the early 1990s. He is currently involved in forensics, malware analysis, threat intelligence, and log file analysis.

Tobias (Toby) Dussa, DFN-CERT – Toby has been involved with IT security throughout his entire career. After fifteen years at KIT, managing KIT-CERT and taking on IT security issues of all kinds, he joined DFN-CERT in 2020.

The DFN-CERT is the security provider for the German National Research and Education Network, DFN.

If you have just joined us, the section below provides information about the training programme, its outline and the listing of the next two modules.

Training programme Overview

There is no need to stress the importance of security and, as a more recent addition, privacy in NREN networks. But while the importance of security and privacy is widely recognized, training in these areas has often been aimed at the security personnel tasked with handling incidents, while system and network administration seems to have been neglected.

The “Operational network security” training programme has been created as a result of collating experiences and conducting discussions with security offices and network operators.

Its aim is to address a number of common security risks that NRENs face in their day-to-day operations: authentication, logging, audit, privacy, first-hop security, DNS security and protection from Distributed Denial-of-Service attacks.

Programme outline

The training programme consists of a number of live online, instructor-led sessions covering a wide range of subjects (sub-modules):

Sub-module title | Dates
1. Operating system privacy and security | 03 to 13 August 2020 – completed. To access session recordings and accompanying presentations click here.
2. Client Privacy and Security | 21 September to 30 September 2020. To access the playlist of all recorded sessions please click here.
3. Domain Name System (DNS) protection | 30 November to 11 December 2020. To access the playlist of all the recorded sessions please click here. Copies of presentations are available here.
4. Distributed Denial of Service (DDoS) protection | 08 February to 19 February 2021
  • Monday 08 February 2021: Introduction to DDoS Attacks
  • Wednesday 10 February 2021: Details of selected DDoS Attacks
  • Monday 15 February 2021: DDoS Detection
  • Wednesday 17 February 2021: DDoS Mitigation

All sessions have been added to the existing playlist.

The team behind this training programme is working on more training sessions to be delivered later this year.

In the meantime, if you have any queries about this training programme or upcoming events, please contact glad@geant.org.

Stay safe and well and we look forward to seeing you again!