DDoS IP protection
“DDoS IP protection for private networks. It defends your IP network infrastructure against large scale DDoS attacks”
The Serverius DDoS IP protection service protects network Layer 2 and Layer 3 BGP networks. Its unique web portal with integrated API functionality offers BGP network full control and easy integration. Therefore it’s the best DDoS Layer 3 and 4 mitigation service without any IP limits, missing technology, or hidden cost afterward.
Proven DDoS attack IP protection
Private BGP network DDoS protection to defend any IP network environment. It defends you against complex DDoS attacks, ensuring the continuity of your IP infrastructure.
Per /32 IP defense
API-first client panel
No attack limits!
Centrally managed DDoS client panel
To be prepared for future attacks, users can configure their defenses upfront. A straightforward configuration for only a single /32 subnet, or an advanced configuration for multiple /24 subnets, can all be configured by the Serverius client panel.
In-line or out-of-path protection
It’s up to the user to decide which DDoS protection method he will use: in-line (always-on), or out-of-path by using a flow analyzer to automatically re-route traffic when there is a DDoS attack. The Serverius NOC as a Service can install, configure and maintain Flow analyzers like Wanguard. This will ensure that complex configuration will work during advanced DDoS attacks, and will remain working for a long time.
Serverius is an official Wanguard reseller and offers 24×7 NOCaaS support on Wanguard environments. Users can purchase discounted Wanguard licenses and put them under management of Serverius.
European protection performance
Serverius its Dutch low latency scrubbing facilities will block DDoS attacks within a split of a second. For many years it has been the largest DDoS cleaning engine in the Netherlands. No other Dutch party will come even close. In addition to the large mitigation capacity, Serverius’s known premium network quality offers low latency and premium route quality to any European network. Read more »
Protection per /32 IP or larger subnets
Users with their own ASN can use the DDoS IP protection service as one of their normal IP transit carriers. Just by announcing a /24 or larger to Serverius and select enable 1 or multiple IPs for protection. All IPs of the /24 are not filtered by default, only the ones you will enable for protection.
For example, when a /32 is attacked, but the /24 is announced, only the /32 is filtered by the DDoS IP protection service!
This way it will save some higher latency and possible false positives to the IP subnets that are not under attack.
- Free setup:Free setup:
- Clean/normal data-traffic limit:Clean/normal data-traffic limit:
- Dirty DDoS data-traffic:Dirty DDoS data-traffic:
- Layer 3 and 4 volume DDoS protection & low latency basic layer 7Layer 3 and 4 volume DDoS protection & low latency basic layer 7
- Unlimited amount of Layer 3 and 4 DDoS volume attack included:Unlimited amount of Layer 3 and 4 DDoS volume attack included:
- Free IP announcement (or you can use a free Serverius /28 IPv4)Free IP announcement (or you can use a free Serverius /28 IPv4)
- Amount of protected IP subnets:Amount of protected IP subnets:
- IPv4 & IPv6 ready:IPv4 & IPv6 ready:
- Amount of Safe Zones:Amount of Safe Zones:
- Usable DDoS protection service to protect IP networks outside ServeriusUsable DDoS protection service to protect IP networks outside Serverius
- Delivery by GRE tunnels to both Serverius data centers:Delivery by GRE tunnels to both Serverius data centers:
- Delivery to other European data centers by SpeedIXDelivery to other European data centers by SpeedIX
- BGP flowspec rules included:BGP flowspec rules included:
- Amount of filter (firewall rules):Amount of filter (firewall rules):
- DDoS protection (rest) API api.serverius.netDDoS protection (rest) API api.serverius.net
- Advanced API-first client-panelAdvanced API-first client-panel
- On to one product training by on-site or Skype or phone:On to one product training by on-site or Skype or phone:
- Default service delivery timeDefault service delivery time
TIN
299,-
monthly
- Free setup:€ 199,-
- Clean/normal data-traffic limit:50Mbps
- Dirty DDoS data-traffic:Up to 20Gbps / 1Mpps
- Layer 3 and 4 volume DDoS protection & low latency basic layer 7
- Unlimited amount of Layer 3 and 4 DDoS volume attack included:
- Free IP announcement (or you can use a free Serverius /28 IPv4)
- Amount of protected IP subnets:Up to a /24 single IPv4 & /48 IPv6 subnets
- IPv4 & IPv6 ready:
- Amount of Safe Zones:1
- Usable DDoS protection service to protect IP networks outside Serverius
- Delivery by GRE tunnels to both Serverius data centers: Single
- Delivery to other European data centers by SpeedIX
- BGP flowspec rules included:
- Amount of filter (firewall rules):1
- DDoS protection (rest) API api.serverius.net
- Advanced API-first client-panel
- On to one product training by on-site or Skype or phone:
- Default service delivery time1 day
BRONZE
699,-
monthly
- Free setup:
- Clean/normal data-traffic limit:250Mbps
- Dirty DDoS data-traffic:500Gbps+ / 50Mpps
- Layer 3 and 4 volume DDoS protection & low latency basic layer 7
- Unlimited amount of Layer 3 and 4 DDoS volume attack included:
- Free IP announcement (or you can use a free Serverius /28 IPv4)Up to a /18 in total.
- Amount of protected IP subnets:Up to a /18 IPv4 – /32 IPv6 (one LOA) under the ASN's that are used by the same organization.
- IPv4 & IPv6 ready:
- Amount of Safe Zones:5
- Usable DDoS protection service to protect IP networks outside Serverius
- Delivery by GRE tunnels to both Serverius data centers:2x redundant
(4 GRE tunnnels) - Delivery to other European data centers by SpeedIX
- BGP flowspec rules included:
Rule amount: 2 - Amount of filter (firewall rules):3
- DDoS protection (rest) API api.serverius.net
- Advanced API-first client-panel
- On to one product training by on-site or Skype or phone: 1 day
- Default service delivery time1 day
SILVER
999,-
monthly
- Free setup:
- Clean/normal data-traffic limit:500Mbps
- Dirty DDoS data-traffic:750Gbps+ / 100Mpps
- Layer 3 and 4 volume DDoS protection & low latency basic layer 7
- Unlimited amount of Layer 3 and 4 DDoS volume attack included:
- Free IP announcement (or you can use a free Serverius /28 IPv4)Up to a /17 in total.
- Amount of protected IP subnets:Up to a /17 IPv4 – /32 IPv6 (one LOA) under the ASN's that are used by the same organization.
- IPv4 & IPv6 ready:
- Amount of Safe Zones:5
- Usable DDoS protection service to protect IP networks outside Serverius
- Delivery by GRE tunnels to both Serverius data centers: 3x redundant
(6 GRE tunnnels) - Delivery to other European data centers by SpeedIX
- BGP flowspec rules included:
Rule amount: 5 - Amount of filter (firewall rules):5
- DDoS protection (rest) API api.serverius.net
- Advanced API-first client-panel
- On to one product training by on-site or Skype or phone: 2 days
- Default service delivery time1 day
GOLD
1399,-
monthly
- Free setup:
- Clean/normal data-traffic limit:1Gbps
- Dirty DDoS data-traffic:1Tbps+ / 150Mpps
- Layer 3 and 4 volume DDoS protection & low latency basic layer 7
- Unlimited amount of Layer 3 and 4 DDoS volume attack included:
- Free IP announcement (or you can use a free Serverius /28 IPv4)Up to a /16 in total.
- Amount of protected IP subnets:Up to a /16 IPv4 – /32 IPv6 (one LOA) under the ASN's that are used by the same organization.
- IPv4 & IPv6 ready:
- Amount of Safe Zones:7
- Usable DDoS protection service to protect IP networks outside Serverius
- Delivery by GRE tunnels to both Serverius data centers: 4x redundant
(8 GRE tunnnels) - Delivery to other European data centers by SpeedIX
- BGP flowspec rules included:
Rule amount: 10 - Amount of filter (firewall rules):7
- DDoS protection (rest) API api.serverius.net
- Advanced API-first client-panel
- On to one product training by on-site or Skype or phone: 2 day
- Default service delivery time1 day
PLATINUM
1999,-
monthly
- Free setup:
- Clean/normal data-traffic limit:2Gbps
- Dirty DDoS data-traffic:1,5Tbps+ / 200Mpps
- Layer 3 and 4 volume DDoS protection & low latency basic layer 7
- Unlimited amount of Layer 3 and 4 DDoS volume attack included:
- Free IP announcement (or you can use a free Serverius /28 IPv4)Up to a /15 in total.
- Amount of protected IP subnets:Up to a /15 IPv4 – /32 IPv6 (one LOA) under the ASN's that are used by the same organization.
- IPv4 & IPv6 ready:
- Amount of Safe Zones:10
- Usable DDoS protection service to protect IP networks outside Serverius
- Delivery by GRE tunnels to both Serverius data centers: 5x redundant
(10 GRE tunnnels) - Delivery to other European data centers by SpeedIX
- BGP flowspec rules included:
Rule amount: 15 - Amount of filter (firewall rules):10
- DDoS protection (rest) API api.serverius.net
- Advanced API-first client-panel
- On to one product training by on-site or Skype or phone: 3 day
- Default service delivery time1 day
DIAMOND
3600,-
monthly
- Free setup:
- Clean/normal data-traffic limit:5Gbps
- Dirty DDoS data-traffic:1,5Tbps+ / 250Mpps
- Layer 3 and 4 volume DDoS protection & low latency basic layer 7
- Unlimited amount of Layer 3 and 4 DDoS volume attack included:
- Free IP announcement (or you can use a free Serverius /28 IPv4)Up to a /14 in total.
- Amount of protected IP subnets:Up to a /14 IPv4 – /32 IPv6 (one LOA) under the ASN's that are used by the same organization.
- IPv4 & IPv6 ready:
- Amount of Safe Zones:20
- Usable DDoS protection service to protect IP networks outside Serverius
- Delivery by GRE tunnels to both Serverius data centers: 6x redundant
(12 GRE tunnnels) - Delivery to other European data centers by SpeedIX
- BGP flowspec rules included:
Rule amount: 20 - Amount of filter (firewall rules):10
- DDoS protection (rest) API api.serverius.net
- Advanced API-first client-panel
- On to one product training by on-site or Skype or phone: 5 day
- Default service delivery time1 day
(In combination with other Serverius services, package discounts are given.)
Service connection options
During a DDoS attack, the data traffic to your IPs needs to be routed to the Serverius IP network. Here, the traffic is cleaned, removing any malicious traffic that is part of the attack. The cleaned data traffic is then sent back to your own BGP/IP network, ensuring that your users can continue to access your online assets.
There are several ways to connect to the Serverius DDoS protection service. Some options include using a GRE connection, a dedicated cross-connect connection, or a hybrid connection that combines both methods. Each option has its own set of benefits and drawbacks, and it’s important to choose the right one for your needs. In general, Serveirus offers the following options:
By 2nd BGP session on SpeedIX, NL-IX, or AMS-IX.
If you are a member of one of the 3 major Dutch internet exchanges, you can create a 2nd BGP session to Serverius and announce your IP subnets under your ASN.
By Serverius its Internet connectivity service
When using the Serverius Internet connectivity service, any IP subnet that is announced under the Serverius ASN can be protected with just one mouse click in the client panel or API. Any Layer 2 network IP and BGP layer 3 internet service will work.
By physical fiber connection: cross-connect
Direct/physical fiber connection at one of the Serverius Point of Presence (PoPs) in almost all Dutch data centers.
By GRE tunnel from your BGP network to Serverius
Redundant GRE tunnels where you can announce your private IPs under your own ASN. You can use GRE tunnels to multiple physical Serverius data centers.
By carrier VLAN to a Serverius PoP
A VLAN by any European carrier to a Dutch Point of Presence (PoP) in the Netherlands.
Configure your DDoS defenses yourself
Your ASN, it’s your network. Only you know the specific services that need protection. To create a customized DDoS protection environment that is effective for your needs, Serverius offers an API-first client panel where you can design your own defense layer per IP subnet. This not only improves the security of your protected applications, but also saves time and effort in communication with Serverius about irrelevant matters. Additionally, the panel allows you to make immediate adjustments to your configurations during DDoS attacks to protect your network better.
Currently, Serverius is working on the new V2 DDoS protection service. It will probably be launched in Q1 2023. The engine of V2 has even more cleaning performance, new technology like AI additions, and offers a new API and client panel. Here are a few examples of the client panel:
- Easily create zones with pre-made templates (default configurations).
- Create “Filters” to parse specific traffic.
- Block IP addresses and let IP addresses bypass a zone.
- Easily add IPv4 and IPV6 addresses in CIDR format.
- Better performing and new extensive API.
API-managed DDoS protection
The new V2 DDoS protection service is built 100% on APIs. API-controlled functionality is essential for DDoS protection services because it allows the user to quickly and easily defend their IP against attacks using simple automation. This is important because DDoS attacks can be complex and constantly evolving, and manual intervention is often not fast enough to keep up with the attack and prevent disruption.
With an API-controlled DDoS protection service, the user can set up protection rules and configurations to automatically defend their IP against DDoS attacks. This can include adding IP subnets to be scrubbed by the DDoS protection service, blocking certain types of traffic, changing configuration, and request statistics, or receiving notifications.
The use of automation through an API also has the benefit of saving the user time and stress, as they do not have to constantly monitor the service and intervene manually. Additionally, it reduces the risk of false positives, where legitimate traffic is mistakenly blocked by the DDoS protection service.
A DDoS protection service that is written using an “API first” method means that every function in the client panel is also available through the API. This allows the user to integrate the DDoS protection service into their own client environments, allowing them to easily manage the service for their clients.
In short, API-controlled functionality is essential for DDoS protection services because it allows the user to quickly and easily defend their IP against attacks using automation. This can prevent downtime, save the user time and stress, and reduce the risk of false positives. A “API first” approach to DDoS protection also allows for easy integration into the user’s own client environments. You can see all functionality at api.serverius.net
Default DDoS defense technology
At Serverius, we understand the importance of protecting your websites and networks from DDoS attacks. That’s why our DDoS protection service is designed to block all known types of DDoS attacks by default.
But we know that DDoS attacks are constantly evolving, and new threats are emerging all the time. That’s why our Network Operations Center (NOC) team is always on hand to support our users 24/7, adding new attack signatures and staying up-to-date on the latest threats.
In addition to our default protection, users also have the option to create custom settings using combinations of signatures and rules to protect against any future DDoS attacks on their custom applications. This allows you to tailor your protection to your specific needs and give you peace of mind knowing that your websites and networks are secure.
Overall, the Serverius DDoS protection service is a comprehensive solution that will keep your websites and networks safe from DDoS attacks. With our team of experts and customizable options, you can have confidence that your online presence is secure.
- Defense against protocol abuse attacks
Defense against LAND, Fraggle, Smurf, Winnuke, Ping of Death, Teardrop, and TCP Error Flag attacks
- Web application protection
Defense against HTTP GET flood, HTTP POST flood, HTTP slow header, HTTP slow POST, HTTPS flood, WordPress reflection and amplification, RUDY, and LOIC attacks; packet validity check
- Defense against scanning and sniffing attacks
Defense against address sweep and port scan attacks, and attacks using Tracert packets and IP options, such as IP source routing, timestamp, and route record options
- DNS application protection
Defense against DNS Query flood, DNS Reply flood, and DNS cache poisoning attacks; source-based rate limiting
- Defense against network-type attacks
Defense against SYN flood, SYN-ACK flood, ACK flood, FIN flood, RST flood, TCP Fragment flood, UDP flood, UDP Fragment flood, IP flood, ICMP flood, TCP connection flood, SockStress, TCP retransmission, and TCP null connection attacks
- SIP application protection
Defense against SIP flood and SIP Methods flood attacks, including Register flood, De-registration flood, Authentication flood, and Call flood attacks; support for source rate limiting
- Defense against UDP reflection and amplification attacks
Defense against NTP, DNS, SSDP, Chargen, TFTP, SNMP, NetBIOS, QOTD, Quake Network Protocol, PortMapper, Microsoft SQL Resolution Service, RIPv1, and Steam Protocol reflection and amplification attacks
- Filter
IP, TCP, UDP, ICMP, DNS, SIP, and HTTP packet filters
- Attack signature databases
RUDY, SlowHTTPTest, SlowLoris, LOIC, AnonCannon, RefRef, ApacheKill, ApacheBench; automatic update every week