The Serverius DDoS Protection Cloud
“The DDoS Protection Cloud is offering high performance layer 3, 4 and 7 DDoS protection with full control and clear insights”
- DDoS protection in or outside the Serverius datacenters.
- Unlimited incoming (dirty) data traffic DDoS protection.
- Protection can operate in in-line or out of path mode.
- Protect up to 1048574 IPv4 (/12) and a million IPv6 (/32) IP subnets!
- Capable to defend up to 1Tbps+ DDoS attacks.
- Using the protection by Hybrid, GRE tunnel, direct fiber or colocation.
- Detailed attack notification by e-mail and/or SMS.
- DDoS protection for all services (UDP/TCP, SMTP, gaming, VoIP, etc).
Blocking any type of IP attack
- Protocol abuse attack defense
Defense against IP spoofing, LAND, Fraggle, Smurf, Winnuke, Ping of Death, Tear Drop, IP Option, IP Fragment Control Packet, TCP Label Validity Check, Large ICMP Control Packet, ICMP Redirect Control Packet and ICMP Unreachable Control Packet attacks.
- Web attack defenseDefense
against HTTP Get Flood, HTTP Post Flood, HTTP Head Flood, HTTP slow header flood, HTTP Slow Post Flood, HTTPS Flood and SSL DoS/DDoS attacks.
- Scanning and sniffing attack defense
Defense against Port Scanning, IP Scanning, Tracert Control Packet, IP Option, IP Timestamp and IP Routing Record attacks.
- DNS attack defense
Defense against DNS Query Flood attacks from real or spoofed source IP addresses, DNS Reply Flood attacks, DNS Cache Poisoning attacks, DNS Protocol Vulnerability Exploits and DNS Reflection attacks.
- Network-layer attack defense
Defense against SYN Flood, ACK Flood, SYN-ACK Flood, FIN/RST Flood, TCP Fragment Flood, UDP Flood, UDP Fragment Flood, NTP Flood, ICMP Flood, TCP Connection Flood, Sockstress, TCP Retransmission and TCP Null Connection attacks.
- SIP attack defense
Defense against SIP methods Flood attacks.
- DHCP attack defense
Defense against DHCP Flood attacks.
- Mobile attack defense
Defensible DDoS attacks launched by mobile botnets, for example, AnDOSid/WebLOIC/Android.DDoS.1.origin.
- Botnet traffic blocking:
Blocking of controlling traffic of botnets, active zombies, Trojan horses, worms, and tools, such as LOIC, HOIC, Slowloris, Pyloris, HttpDosTool, Slowhttptest,Thc-ssl-dos, YoyoDDOS, IMDDOS, Puppet, Storm, fengyun, AladinDDoS, and so on C&C DNS request traffic blocking
- Feature-based filtering Blacklist
HTTP/DNS/SIP/DHCP field-based filtering, and IP/TCP/UDP/ICMP/Other Protocol field-based and load feature-based filtering.
Powerful technology, 100% Serverius!
The Serverius DDoS Protection Cloud service is build on proven technology of many suppliers. To provide real quality, the service is only driven on Serverius it’s own hardware and, no external services are used. It can be used in and outside the Serverius datacenters.
Fast carrier hardware, known vendors technologies, Open-source community additions, commercial subscriptions and the famous own build Serverius IP protection technologies will provide our users full control to secure their infrastructure. Therefore the Serverius DDoS scrubbing cloud is among the best DDoS shields in the world.
The Serverius client panel allows users to create a personal DDoS protection layer per IP application. By this personalized DDoS protection layer the highest possible defending success rate is achieved!
- Enable DDoS protection for 1 or many IP subnets.
- Personal attacks map, detailed data-traffic graphs (per protocol).
- Creating a personalized baseline policy per IP or per hosted application.
- Enable/disable hundreds of protection methods per policy.
- Add/remove/search IP subnets by API.
- Protect IPv4 and IPv6.
- Run protection in transparent modes: detect but not protect.
- Optional Flowspec rules. Configurable by hand at the client panel or API!
- Set rate-limits per IP (Safe Zone group).
- Geographically IP blocking.
- Enable/disable commercial IP reputation blacklists.
- Creating advanced firewall rules and add them to Safe Zones.
- Learning mode! Protected IP data-traffic and its behavior is analyzed and is used to automatically adjust a personal security layer!
- Detailed email and SMS notification during DDoS attacks.
- Attack packet capture. When an attack happens, you can download .pcap files of the attack traffic.
- DDoS attack simulators to test your protection layer.
- Toptalker IP information for incoming and outgoing data traffic.
- Advanced/deep IP security scanner scanning your IP subnets on the latest vulnerabilities.
- Automatic null-route thresholds of unprotected IP subnets.
- Detailed attack reports per day, week or month.
“It’s by far the most advanced client panel in the world. Our engineers give technical presentations around the world to show how we technically did it. We try to add as much technical functionalities as possible, to give our users full control and transparent insights. Our DDoS test and deep IP application scan tooling will also advice our users to make their security layer better. This proactive approach will even prevent future hacks and future DDoS attacks”.
High-performance and volume cleaning
As Serverius is one of the 3 largest datacenter networks in the Netherlands we have up to 1Tbps capacity to defend our users against large DDoS attacks, such as SYN flood and DNS amplifications. In the past 12 months we defended against multiple 600Gbps+ IoT attacks what makes us one of the largest scrubbing environments in Europe. Beside this large volume attacks we were also able to protect 40Gbps Layer 7 attacks.
But beside of capacity also high performance is needed to be able to filter Layer 7 attacks and keep the latency in general for all users really perfect. Because Serverius is using a ultra fast carrier hardware scrubbing environment known as the “DDoS Protection Cloud”, the DDoS cleaning is performed through the full infrastructure. Therefore it’s not some a single scrubbing box what will be doing the job, many routers, switches, and also carriers will work as one and provide the best latency possible.
Reverse security checkup
“Protecting your house against burglars with your front door wide open is of course not a good idea. An attacker will always try to use the IP application its weakness. Therefore it is important to close your door, check if all other windows are closed.”
Serverius advises his DDoS protection users to do the same when protecting their IP subnets: an protected IP application must be fully updated and secure before you enable the DDoS protection.
Therefore a list of advance scanning tools are offered to scan the IP application on thousands of vulnerabilities. When a security issue is found it will show the level of danger and how to repair the bug or improve application security. It will help you to improve the general security level of your infrastructure!
Personalized en global IP reputation
The famous IP reputation system “IP Judge” of Serverius will keep track of known botnets and other vulnerable IP subnets outside the Serverius network. It will add an security layer to the global and personal user protection layer to prevent low volume dirty data traffic. More information you can find here.
As an extra users can enable another version of the IP reputation per personal IP protection security layer. This daily updated Huawei security IP reputation database is generated by 12 worldwide data centers what are analyze 12 billion queries per day, track IP addresses of the most active 5 million zombies.
Both will prevent attacks by common used botnets and/or abused source IP subnets.
By API request IP subnets can be added and removed to the DDoS protection. This way you can for example announce a /24 and add only a /32 by automation to the DDoS protection. This way all data traffic will be forwarded transparently and only the single IP is filtered.
Secondly, API requests can also be used to add/remove IP subnets to Flowspec.
Personal DDoS Protection Cloud training
Everyone with a bit of IP knowledge can work with the Serverius DDoS Protection Cloud client panel. At the first time seeing all functionality some people will be a little bit scared to use them. Therefore Serverius provides personal training by a NOC engineer. It will put all functionality in perspective and it will show you the great functionality. These personal training sessions can take place by telephone or at one of the Serverius office meeting rooms or private location (travel cost will be invoiced as an extra). Language are English, Dutch, or Russian.