Background/Objectives: This paper suggests a new approach against Distributed Denial of Service attacks and traffic eavesdropping in TCP/IP networks. Methods/Statistical Analysis: In our method, DDoS resistance is achieved by introducing a new address policy in IP networks. This policy hides physical location of protected server for all unauthorized clients by dynamic mapping of server’s address on a large set of temporary addresses. This paper provides detailed description of the method and its mathematical model. Findings: The authors discuss basic implementation, its major practical constraints and results of initial validation. The proposed method is compatible with Software Defined Network and we discuss major possible advantages of IP Fast Hopping application in SDN. Applications/Improvements: The demonstrated technique suggests new addressing policy that based on randomizing of server’s address. This new addressing policy does not require any global significant changes in the existing Internet architecture and can be implemented as software solution on client and server ends without impact on transit infrastructure.

Keywords