"We were caught off-guard," Jinhyun Cho of the Korea Computer Emergency Response Team (KrCERT) told ZDNet Australia. "It was on the mouths of everyone; the whole country knows what a DDoS attack is."
The attacks forced blasé telcos to cooperate with KrCERT and forge "DDoS bunkers" to protect the nation's small-to-medium enterprises from attack.
Simply-put, a "bunker" is a new IP address served to a business that is under persistent DDoS attack but lacks the funds or resources to protect itself. Traffic from the DDoS attack continues to hit the original IP address (220.127.116.11 in the image) while the business remains in operation under a new address (18.104.22.168 in the image).
Cho said it is an effective, but temporary measure and expects businesses would revert to their original address after about a week.
KrCERT is also using anti-DDoS technologies such as sinkholes (PDF) and tarpits.
KrCERT's Botnet sinkholes.(Credit:KrCert)
South Korea is continuously under DDoS attack, Cho said, and the bunkers are hoped to help mitigate part of the problem.
He said there have not been further DDoS attacks on the scale of the 2009 assaults, but that attacks have increased in size.
Cho wouldn't be drawn on the origin of the attacks because the government is still investigating.
The attacks have peaked the interest of government and police, which have thrown cash, brains and people into KrCERT. The organisation has gained more staff and meets regularly with industry and government to discuss cyber security.
Cho was a delegate and speaker at the Asia-Pacific Telecommunity cyber security forumheld in Sydney this week.