DDoS protection

The Serverius cyber security suite protects any IP infrastructure against any layer 3 and 4 DDoS attack. Advanced layer 7 application DDoS protection, BGP features, API functionality, Flowspec, a high-performance Web Application Firewall, etc.: it's all included!

This service is offered without technical limits for a clear amount per month without extra cost afterwards.

Under DDoS attack?

The Serverius Security Operation Center (SOC) can assist you when you are under attack. You can reach our emergency support by phone or mail. 

Protect any IP or Web Application

After many years of in-house development by the Serverius Research and Development department (R&D), we created the most sophisticated worldwide DDoS protection service. Our technology will help you defend against any kind of DDoS attack:

Protocol abuse attack defense

Defense against IP spoofing, LAND, Fraggle, Smurf, Winnuke, Ping of Death, Tear Drop, IP Option, IP Fragment Control Packet, TCP Label Validity Check, Large ICMP Control Packet, ICMP Redirect Control Packet and ICMP Unreachable Control Packet attacks.

Web attack defense

Defense against HTTP Get Flood, HTTP Post Flood, HTTP Head Flood, HTTP slow header flood, HTTP Slow Post Flood, HTTPS Flood and SSL DoS/DDoS attacks.

Advanced HTTP(S) defense

HTTPS source authentication defense, flood control rate limits per source IP, use of your own SSL certificates, first HTTPS packet checks, sockstress checks, custom-built CAPTCHA per domain, advanced HTTP(S) layer 7 URL logging, etc.

Protection of more than 1Tbps

By combining the 3TB Serverius network capacity and carrier equipment with our own technology, the DDoS protection can handle large-volume DDoS attacks of more than 1Tbps.

Mobile attack defense

Defense against DDoS attacks launched by mobile botnets, for example AnDOSid/WebLOIC/Android.DDoS.1.origin.

Botnet traffic blocking

Blocking of the control traffic of botnets, active zombies, Trojan horses, worms, and tools such as LOIC, HOIC, Slowloris, Pyloris, HttpDosTool, Slowhttptest, Thc-ssl-dos, YoyoDDOS, IMDDOS, Puppet, Storm, fengyun, AladinDDoS, and so on. C&C DNS request traffic blocking.

Feature-based filtering Blacklist

HTTP/DNS/SIP/DHCP field-based filtering, and IP/TCP/UDP/ICMP/Other Protocol field-based and load feature-based filtering.

DNS attack defense

Defense against DNS Query Flood attacks from real or spoofed source IP addresses, DNS Reply Flood attacks, DNS Cache Poisoning attacks, DNS Protocol Vulnerability Exploits and DNS Reflection attacks.

Network-layer attack defense

Defense against SYN Flood, ACK Flood, SYN-ACK Flood, FIN/RST Flood, TCP Fragment Flood, UDP Flood, UDP Fragment Flood, NTP Flood, ICMP Flood, TCP Connection Flood, Sockstress, TCP Retransmission and TCP Null Connection attacks.

SIP attack defense

Defense against SIP methods Flood attacks.

Hundreds of attacks per month

“In 2018 an average of 1700 DDoS attacks per month were defended, ranging from tiny layer 7 application to high volume 1Tbps attacks. 100% were successfully mitigated.”

Create & control your environment

The Cyber security suite is offered through a web-based graphical user interface where users can view, change and configure their own protection layers.

 

DDoS protection by tunable technology

All technical features let users fully configure and control their level of protection through the API or control panel. Some examples follow below.

Full-featured REST API

Almost all functions of the Cybersecurity portfolio are available by API. Therefore users have the ability to automate their protection and integrate it into their own client environments. More at: api.serverius.net

Include & exclude IP subnets

When you are using the Serverius DDoS protection to protect your private IP infrastructure, you can forward all data traffic transparently and enable protection for smaller subnets like a /32 single IP address. It’s even possible to exclude IP subnets from larger subnets.

Custom made IP security

Users can create a personalized protection environment called a Safe Zone. Every Safe Zone can hold one or multiple IPv4 subnets (from a /32 up to a /19) and IPv6 subnets, on which multiple security features can be enabled. This way the user can create a specific configuration per IP, per software application, or per Web Application.

The most important layer is the “baseline” protection layer (see image next to this text), where you can set all possible checks for TCP/UDP/ICMP/DNS/SIP/HTTP/HTTPS and other types of data traffic and protocols.

 

Global DDOS Safezone settings

Self learning user baseline

To achieve the best possible protection level and to avoid false positives, all configuration thresholds should be periodically tuned to match the safe zone traffic. For this purpose, the user-specific thresholds can be tuned automatically by the “baseline learning mode”. The system analyzes the traffic of the safe zone for a period of time and adjusts the thresholds based on the results of that analysis.

Note: when a defense is enabled, the protection system only collects statistics on the traffic and activates the defense mechanism only if the traffic exceeds the threshold.

Learning Cycle (Days): This value indicates the period of time for each learning cycle. The learning result is applied to the defense policy only after such a learning cycle ends.

Value Is Larger Than the Current Value: the system automatically applies baseline learning results to defense policies once the learning cycle ends, if the recommended value is larger than the current value.

Geographical IP blocking

A location policy can permit, block, or implement traffic limiting for traffic of a country or a region.

Many attacks on the Internet are launched by controlling zombie hosts. These zombie hosts may be concentrated in a specific region. A location policy can block or implement traffic limiting by region, effectively preventing attacks from a specific region. In addition, a location policy can take the pass action on traffic from a trusted region.

Also, if you want to allow only one or more countries, you can block all countries and allow only the countries you prefer.

Attack packet capture

When you are under attack you can capture packets and download them as .pcap files. This will help you to evaluate your attacks and make your protection layer even better.

It is useful to be able to capture a sample of attack traffic. When you click the capture button, the system starts capturing packets at a 1/1000 ratio. The system captures the packets based on the attack type and the destination IP address. The file is saved when the system has completed capturing 1000 packets or considers the attack to have finished.

IP reputation protection

Tracking of the 5 million most active zombies and automatic daily update of the IP reputation database to rapidly block attacks; local access IP reputation learning to create dynamic IP reputation based on local service sessions, rapidly forward service access traffic, and enhance user experience.

Attack signature database 

RUDY, slowhttptest, slowloris, LOIC, AnonCannon, RefRef, ApacheKill, and ApacheBench attack signature databases; automatic weekly update of these signature databases.

Filters (firewall rules)

Filters are like firewall rules: they allow users to adjust their security layer to their IP subnets. Like firewall rules, they can block or rate-limit data traffic. As a result, they make a Safe Zone even more personal. Filters are mostly used to block specific types of data traffic, and they are the essential toolset for winning the cat-and-mouse game of attacks.

Filter matching sequence

Packets are matched against the filters in the list from top to bottom. Matching stops as soon as a packet matches a filter and the action defined in that filter is applied. So, for example, when a packet is sent from an IP address in a source IP whitelist filter, the packet is allowed and the filters below it are not applied anymore.
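The first-match behaviour described above means a broad whitelist placed high in the list silently disables narrower block filters below it. The following is an added illustration, not Serverius code or its API: the `Filter` model, the filter names and the sample addresses (documentation ranges) are constructed, and it assumes unmatched packets simply fall through to the remaining Safe Zone checks.

```python
# Added illustration of top-to-bottom, first-match filter evaluation.
# Generic model only; not the Serverius filter format or API.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Filter:
    name: str
    action: str                   # "allow", "block" or "ratelimit"
    src: str = "0.0.0.0/0"        # source subnet the filter applies to
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt["dport"]))

    def covers(self, other: "Filter") -> bool:
        """True if every packet `other` matches is also matched by self."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and self.proto in (None, other.proto)
                and self.dport in (None, other.dport))

def evaluate(filters, pkt, default="no-match"):
    """Walk the list top to bottom; the first matching filter decides."""
    for f in filters:
        if f.matches(pkt):
            return f.name, f.action
    return None, default          # assumption: falls through to other checks

def shadowed(filters):
    """(shadowed, shadowing) name pairs: filters that can never fire."""
    return [(later.name, earlier.name)
            for i, later in enumerate(filters)
            for earlier in filters[:i]
            if earlier.covers(later)]

# Constructed sample list: the /32 block sits below a whitelist covering it.
FILTERS = [
    Filter("partner-whitelist", "allow", src="198.51.100.0/24"),
    Filter("block-bad-host", "block", src="198.51.100.77/32"),
    Filter("limit-dns", "ratelimit", proto="udp", dport=53),
]
# Same filters with the narrow block moved above the broad whitelist.
REORDERED = [FILTERS[1], FILTERS[0], FILTERS[2]]
```

Running `shadowed()` over a filter list before applying it shows which entries are dead because of their position; moving the narrower filter above the broader one restores its effect.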