Application Level DDOS, the Rise of CDNs and the End of the Free Internet

It's been mostly silent for two years on the DDoS front in Switzerland, but IoT devices and growing network capacities could bring the next wave of DDoS attacks anytime now. Technical reasons make it likely that the trend towards application level DDoS will continue. Defense against big DDoS attacks either force you to use a protection service or start to work with GeoIP defenses. The CDN protection services will ask for your certificate keys, though, which effectively means that an application level DDoS will force you to hand over your keys to a foreign company as no Swiss DDoS protection company exists. Alternatively, you will need to cut international IP traffic via GeoIP which is not always an option either. And even if you pursue this, traffic might still overwhelm your carrier implementing the GeoIP filter. But there is a path rarely travelled: It could allow you to survive an attack with the help of BGP: You stop advertising your route internationally, but concentrate on local peering partners: You hide from the global internet during the attack, but remain online locally.