DDoS Protection

DDoS Protection provides your servers and applications with added security. By protecting your resources from denial-of-service attacks, you lower the risk of service unavailability and subsequent financial losses.

DDoS Protection can be enabled at any time, even during a live attack. Traffic is mitigated using hardware and software solutions, and only clean packets reach your server.

DDoS protection prices

Prices and curriences apply to the following countries:

    All prices include 18% VAT

    Features

    Cost-effective

    Pay only for clean incoming traffic.

    Transparent

    Our reporting system includes information on the scale and duration of attacks.

    Customizable

    Protection plans are configured to meet your project’s needs.

    How we clean traffic

    We offer protected IP addresses (one address is included in the base fee and more can be ordered from the control panel) and a dedicated channel for secure traffic.

    Incoming Internet traffic is first transferred to equipment for filtering. All illegitimate traffic is dumped and only clean traffic actually makes it to you.

    When ordering our service, you will have to indicate:

    • the server’s primary purpose
    • the number of IP addresses that need to be protected
    • the desired protective measures

    We will put together a defense strategy based on the information you provide us with and that best fits your project. Protection packages have been developed for the most common server types (web servers, application servers, DNS servers).

    DDoS Protection is available for Dedicated Server and Colocation clients (including clients renting racks, cages, and suites).

    Read about how we clean traffic in our blog.


    Attacks and protective measures

    Our system protects against the following kinds of attacks

    • TCP floods
    • SYN floods
    • UDP floods
    • DNS floods
    • ICMP floods
    • HTTP floods
    • DNS spoofing (cache poisoning)
    • VoIP and SIP attacks
    • SSL attacks
    • sockstress attacks
    • IP, TCP, and UDP fragment attacks
    • illegal TCP flag combinations
    • HTTP session attacks (Slowloris, Pyloris, etc.)
    • TCP session attacks, such as TCP Idle, Slow TCP, etc.

    The following countermeasures can be taken in the event an attack is detected:

    • Invalid RFC packet filtering (Invalid packet List)
    • Black and white IPv4 and IPv6 address lists
    • Traffic filtering and policing by country (GeoIP Filtering and Policing ) – monitors, limits, and blocks traffic from countries where the most DDoS attacks are launched from
    • Request checks for RFC compliance (DNS Malformed, HTTP Malformed, SIP Malformed)
    • Request limiting from a single IP address (DNS Rate Limiting, HTTP Rate Limiting, SIP Request Limiting)
    • DNS response validation (DNS NX Domain Rate Limiting)
    • Prevention of extended TCP connections (TCP Connection Reset)
    • Traffic filtering by applying regular expressions to Payload packets (Payload Regular Expression)
    • Request validation with regular expressions (HTTP Scoping, DNS Scoping)
    • Blocking of SSL traffic that isn’t RFC compliant (SSL Negotiation)
    • Vulnerability signature tracking

    You may also be interested in

    Dedicated Servers

    Bare metal servers with unlimited traffic.

    Learn more

    Server Racks

    Mount equipment in private 8kVA server racks.

    Learn more