As part of the Cyber security suite, the DDoS protection is a all in one IP protection cloud service what offers users full control and clear insights.
The Cybersecurity suite its DDoS protection is offering high performance layer 3, 4 and next-gen 7 protection with full control and clear insights. Together with a full featured Web Application Firewall (WAF) it’s the best possible network with application layer DDoS defense on the market.
- Protocol abuse attack defense
Defense against IP spoofing, LAND, Fraggle, Smurf, Winnuke, Ping of Death, Tear Drop, IP Option, IP Fragment Control Packet, TCP Label Validity Check, Large ICMP Control Packet, ICMP Redirect Control Packet and ICMP Unreachable Control Packet attacks.
- Web attack defenseDefense
against HTTP Get Flood, HTTP Post Flood, HTTP Head Flood, HTTP slow header flood, HTTP Slow Post Flood, HTTPS Flood and SSL DoS/DDoS attacks.
- Scanning and sniffing attack defense
Defense against Port Scanning, IP Scanning, Tracert Control Packet, IP Option, IP Timestamp and IP Routing Record attacks.
- DNS attack defense
Defense against DNS Query Flood attacks from real or spoofed source IP addresses, DNS Reply Flood attacks, DNS Cache Poisoning attacks, DNS Protocol Vulnerability Exploits and DNS Reflection attacks.
- Network-layer attack defense
Defense against SYN Flood, ACK Flood, SYN-ACK Flood, FIN/RST Flood, TCP Fragment Flood, UDP Flood, UDP Fragment Flood, NTP Flood, ICMP Flood, TCP Connection Flood, Sockstress, TCP Retransmission and TCP Null Connection attacks.
- SIP attack defense
Defense against SIP methods Flood attacks.
- Mobile attack defense
Defensible DDoS attacks launched by mobile botnets, for example, AnDOSid/WebLOIC/Android.DDoS.1.origin.
- Botnet traffic blocking:
Blocking of controlling traffic of botnets, active zombies, Trojan horses, worms, and tools, such as LOIC, HOIC, Slowloris, Pyloris, HttpDosTool, Slowhttptest,Thc-ssl-dos, YoyoDDOS, IMDDOS, Puppet, Storm, fengyun, AladinDDoS, and so on C&C DNS request traffic blocking
- Feature-based filtering Blacklist
HTTP/DNS/SIP/DHCP field-based filtering, and IP/TCP/UDP/ICMP/Other Protocol field-based and load feature-based filtering.
Full featured API
All main functions of the DDoS protection are available by API. This provides your own infra structure the ability to communicate automatically with the DDoS protection.
Personalized UDP, TCP, DNS, SIP, HTTP(s) service baseline
Many defense policies are available to create your policy per IP or per hosted application. You will choose the protection technologies, the machine learning system will change periodically all thresholds for you (based on your real usage).
Attack packet capture
When you are under attack you can capture packets and download them as .pcap files. This will help you to evaluate your attacks and make your protection layer even better.
- DDoS, bad bot protection in or outside the Serverius datacenters.
- Unlimited incoming (dirty) data traffic.
- Protection can operate in in-line or out of path mode.
- Protect up to 1048574 IPv4 (/12) and a million IPv6 (/32) IP subnets!
- Capable to defend up to 1Tbps+ DDoS attacks.
- Using the protection by Hybrid, GRE tunnel, direct fiber or colocation.
- Detailed attack notification by e-mail and/or SMS.
- Enable DDoS, bad-bot protection for 1 or many IP subnets.
- Add/remove/search IP subnets by API.
- Protect IPv4 and IPv6.
- Run protection in transparent modes: detect but not protect.
- Optional Flowspec rules. Configurable by hand at the client panel or API!
- Set rate-limits per single IP, group or large subnet!
- Geographically IP blocking.
- Enable/disable commercial IP reputation blacklists.
- Creating advanced firewall rules.
- Learning mode! Protected IP data-traffic and its behavior is analyzed and is used to automatically adjust a personal security layer!
- DDoS attack simulators to test your protection layer.
- Toptalker IP information for incoming and outgoing data traffic.
- Detailed attack reports per day, week or month.
- Black and whitelist your source IP subnets.