DDoS IP protection
“DDoS IP protection for private networks. It defends your IP network infrastructure against large-scale DDoS attacks”
The Serverius DDoS IP protection service protects Layer 2 networks and Layer 3 BGP networks. Its web portal with integrated API functionality gives users full control over their BGP network and easy integration. That makes it the best DDoS Layer 3 and 4 mitigation service, without any IP limits, missing technology, or hidden costs afterward.
Proven DDoS attack IP protection
Private BGP network DDoS protection to defend any IP network environment. It defends you against complex DDoS attacks, ensuring the continuity of your IP infrastructure.
Per /32 IP defense
API-first client panel
No attack limits!
Centrally managed DDoS client panel
To be prepared for future attacks, users can configure their defenses up front. A straightforward configuration for only a single /32 subnet, or an advanced configuration for multiple /24 subnets, can all be set up in the Serverius client panel.
In-line or out-of-path protection
It’s up to the user to decide which DDoS protection method to use: in-line (always-on), or out-of-path, where a flow analyzer automatically re-routes traffic when there is a DDoS attack. The Serverius NOC as a Service can install, configure and maintain flow analyzers like Wanguard. This ensures that complex configurations work during advanced DDoS attacks and remain working for a long time.
Serverius is an official Wanguard reseller and offers 24×7 NOCaaS support on Wanguard environments. Users can purchase discounted Wanguard licenses and put them under management of Serverius.
European protection performance
Serverius’s Dutch low-latency scrubbing facilities block DDoS attacks within a split second. For many years it has been the largest DDoS cleaning engine in the Netherlands. No other Dutch party will come even close. In addition to the large mitigation capacity, Serverius’s known premium network quality offers low latency and premium route quality to any European network.
Protection per /32 IP or larger subnets
Users with their own ASN can use the DDoS IP protection service as one of their normal IP transit carriers: announce a /24 or larger to Serverius and enable one or multiple IPs for protection. By default, none of the IPs in the /24 are filtered; only the ones you enable for protection are.
For example, when a /32 is attacked, but the /24 is announced, only the /32 is filtered by the DDoS IP protection service!
This spares the IP subnets that are not under attack the higher latency and possible false positives that filtering can bring.
(In combination with other Serverius services, package discounts are given.)
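The out-of-path model with per-/32 selection described above, sketched as an added example (not Serverius or Wanguard code): it aggregates constructed flow records per destination and returns only the /32s that cross a rate threshold, leaving the rest of the announced /24 unfiltered. The prefix, thresholds, record layout and function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not real traffic): (dst_ip, packets, bytes)
# as exported by a flow analyzer for one 10-second interval.
INTERVAL_S = 10
FLOWS = [
    ("198.51.100.10", 4_000_000, 240_000_000),
    ("198.51.100.10", 3_500_000, 210_000_000),
    ("198.51.100.20", 12_000, 9_000_000),
    ("198.51.100.77", 900, 700_000),
    ("203.0.113.5", 9_000_000, 500_000_000),  # outside the announced prefix
]

ANNOUNCED = ipaddress.ip_network("198.51.100.0/24")  # assumed announced /24
PPS_LIMIT = 100_000       # assumed per-host packets/second trigger
BPS_LIMIT = 500_000_000   # assumed per-host bits/second trigger


def hosts_to_divert(flows, announced, interval_s, pps_limit, bps_limit):
    """Return host prefixes inside `announced` whose inbound rate exceeds a limit."""
    pkts, octets = defaultdict(int), defaultdict(int)
    for dst, packets, nbytes in flows:
        ip = ipaddress.ip_address(dst)
        if ip not in announced:
            continue  # not our address space, so never select it
        pkts[ip] += packets
        octets[ip] += nbytes
    diverted = []
    for ip in sorted(pkts):
        pps = pkts[ip] / interval_s
        bps = octets[ip] * 8 / interval_s
        if pps > pps_limit or bps > bps_limit:
            # /32 for IPv4, /128 for IPv6
            diverted.append(ipaddress.ip_network(f"{ip}/{ip.max_prefixlen}"))
    return diverted


def is_scrubbed(dst, diverted):
    """True if traffic to `dst` would pass through scrubbing."""
    ip = ipaddress.ip_address(dst)
    return any(ip in net for net in diverted)


if __name__ == "__main__":
    selected = hosts_to_divert(FLOWS, ANNOUNCED, INTERVAL_S, PPS_LIMIT, BPS_LIMIT)
    print("enable protection for:", [str(n) for n in selected])
    for host in ("198.51.100.10", "198.51.100.20"):
        print(host, "scrubbed" if is_scrubbed(host, selected) else "direct")
```

Only the host receiving 750,000 packets per second is selected; the other addresses in the same /24 keep their direct path.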
Service connection options
During a DDoS attack, the data traffic to your IPs needs to be routed to the Serverius IP network. Here, the traffic is cleaned, removing any malicious traffic that is part of the attack. The cleaned data traffic is then sent back to your own BGP/IP network, ensuring that your users can continue to access your online assets.
There are several ways to connect to the Serverius DDoS protection service. Some options include using a GRE connection, a dedicated cross-connect connection, or a hybrid connection that combines both methods. Each option has its own set of benefits and drawbacks, and it’s important to choose the right one for your needs. In general, Serverius offers the following options:
By 2nd BGP session on SpeedIX, NL-IX, or AMS-IX.
If you are a member of one of the 3 major Dutch internet exchanges, you can create a 2nd BGP session to Serverius and announce your IP subnets under your ASN.
By the Serverius Internet connectivity service
When using the Serverius Internet connectivity service, any IP subnet that is announced under the Serverius ASN can be protected with just one mouse click in the client panel or through the API. Any Layer 2 network IP and BGP Layer 3 internet service will work.
By physical fiber connection: cross-connect
Direct/physical fiber connection at one of the Serverius Points of Presence (PoPs) in almost all Dutch data centers.
By GRE tunnel from your BGP network to Serverius
Redundant GRE tunnels where you can announce your private IPs under your own ASN. You can use GRE tunnels to multiple physical Serverius data centers.
By carrier VLAN to a Serverius PoP
A VLAN by any European carrier to a Dutch Point of Presence (PoP) in the Netherlands.
Configure your DDoS defenses yourself
Your ASN, it’s your network. Only you know the specific services that need protection. To create a customized DDoS protection environment that is effective for your needs, Serverius offers an API-first client panel where you can design your own defense layer per IP subnet. This not only improves the security of your protected applications, but also saves time and effort in communication with Serverius about irrelevant matters. Additionally, the panel allows you to make immediate adjustments to your configurations during DDoS attacks to protect your network better.
Currently, Serverius is working on the new V2 DDoS protection service. It will probably be launched in Q1 2023. The engine of V2 has even more cleaning performance, new technology like AI additions, and offers a new API and client panel. Here are a few examples of the client panel:
- Easily create zones with pre-made templates (default configurations).
- Create “Filters” to parse specific traffic.
- Block IP addresses and let IP addresses bypass a zone.
- Easily add IPv4 and IPv6 addresses in CIDR format.
- Better performing and new extensive API.
API-managed DDoS protection
The new V2 DDoS protection service is built 100% on APIs. API-controlled functionality is essential for DDoS protection services because it allows the user to quickly and easily defend their IP against attacks using simple automation. This is important because DDoS attacks can be complex and constantly evolving, and manual intervention is often not fast enough to keep up with the attack and prevent disruption.
With an API-controlled DDoS protection service, the user can set up protection rules and configurations to automatically defend their IP against DDoS attacks. This can include adding IP subnets to be scrubbed by the DDoS protection service, blocking certain types of traffic, changing configuration, requesting statistics, or receiving notifications.
The use of automation through an API also has the benefit of saving the user time and stress, as they do not have to constantly monitor the service and intervene manually. Additionally, it reduces the risk of false positives, where legitimate traffic is mistakenly blocked by the DDoS protection service.
A DDoS protection service that is written using an “API first” method means that every function in the client panel is also available through the API. This allows the user to integrate the DDoS protection service into their own client environments, allowing them to easily manage the service for their clients.
In short, API-controlled functionality is essential for DDoS protection services because it allows the user to quickly and easily defend their IP against attacks using automation. This can prevent downtime, save the user time and stress, and reduce the risk of false positives. An “API first” approach to DDoS protection also allows for easy integration into the user’s own client environments. You can see all functionality at api.serverius.net
Default DDoS defense technology
At Serverius, we understand the importance of protecting your websites and networks from DDoS attacks. That’s why our DDoS protection service is designed to block all known types of DDoS attacks by default.
But we know that DDoS attacks are constantly evolving, and new threats are emerging all the time. That’s why our Network Operations Center (NOC) team is always on hand to support our users 24/7, adding new attack signatures and staying up-to-date on the latest threats.
In addition to our default protection, users also have the option to create custom settings using combinations of signatures and rules to protect against any future DDoS attacks on their custom applications. This allows you to tailor your protection to your specific needs and give you peace of mind knowing that your websites and networks are secure.
Overall, the Serverius DDoS protection service is a comprehensive solution that will keep your websites and networks safe from DDoS attacks. With our team of experts and customizable options, you can have confidence that your online presence is secure.
- Defense against protocol abuse attacks
Defense against LAND, Fraggle, Smurf, Winnuke, Ping of Death, Teardrop, and TCP Error Flag attacks
- Web application protection
Defense against HTTP GET flood, HTTP POST flood, HTTP slow header, HTTP slow POST, HTTPS flood, WordPress reflection and amplification, RUDY, and LOIC attacks; packet validity check
- Defense against scanning and sniffing attacks
Defense against address sweep and port scan attacks, and attacks using Tracert packets and IP options, such as IP source routing, timestamp, and route record options
- DNS application protection
Defense against DNS Query flood, DNS Reply flood, and DNS cache poisoning attacks; source-based rate limiting
- Defense against network-type attacks
Defense against SYN flood, SYN-ACK flood, ACK flood, FIN flood, RST flood, TCP Fragment flood, UDP flood, UDP Fragment flood, IP flood, ICMP flood, TCP connection flood, SockStress, TCP retransmission, and TCP null connection attacks
- SIP application protection
Defense against SIP flood and SIP Methods flood attacks, including Register flood, De-registration flood, Authentication flood, and Call flood attacks; support for source rate limiting
- Defense against UDP reflection and amplification attacks
Defense against NTP, DNS, SSDP, Chargen, TFTP, SNMP, NetBIOS, QOTD, Quake Network Protocol, PortMapper, Microsoft SQL Resolution Service, RIPv1, and Steam Protocol reflection and amplification attacks
IP, TCP, UDP, ICMP, DNS, SIP, and HTTP packet filters
- Attack signature databases
RUDY, SlowHTTPTest, SlowLoris, LOIC, AnonCannon, RefRef, ApacheKill, ApacheBench; automatic update every week