Wednesday 7 October 2015

The System of Protection against DDoS.

The DDoS protection system consists of not one but several hardware and software systems, including Arbor Pravail and F5. Traffic is cleaned and analyzed directly in the network using specialized software tools.

This system provides protection against the following types of attacks:

TCP flood;
SYN flood;
Illegitimate combinations of TCP flags;
Attacks on TCP sessions, such as TCP Idle, Slow TCP and others;
Attacks on HTTP sessions (Slowloris, Pyloris, etc.);
HTTP flood;
DNS flood;
DNS cache poisoning;
UDP flood;
ICMP flood;
Attacks using IP, TCP and UDP fragments;
Attacks on VoIP and SIP.

In the event of an attack, the following methods can be used:

Invalid Packet List - filtering of packets that do not conform to the RFCs;
Creation of blacklists and whitelists of IPv4 and IPv6 addresses;
GeoIP Filter Lists - traffic filtering by country (blocking traffic from the countries from which the highest number of DDoS attacks come);
GeoIP Policing - traffic policing by country (monitoring incoming traffic and limiting traffic from the countries from which the highest number of DDoS attacks come);
Flexible Zombie Detection - detection of zombies and creation of profiles of legitimate traffic;
TCP SYN Authentication - countering floods through TCP client authentication;
DNS Authentication - countering DNS floods through client authentication;
DNS Scoping - validation of DNS queries with regular expressions;
DNS Malformed - checking DNS requests for conformance to the relevant RFCs;
DNS Rate Limiting - limiting the number of DNS queries from one IP address (suitable only for resources with few visitors: in our country providers often use NAT, and it is typical for a "gray" /16 subnet to reach the Internet through a single IP, so that all of its DNS requests come from the same address);
DNS NXDomain Rate Limiting - validation of DNS responses. This is intended for attacks in which the cache of DNS servers is overflowed with invalid entries; it is aimed at tracking requests for non-existent DNS names;
DNS Regular Expression - filtering of DNS requests by regular expressions;
TCP Connection Reset - preventing an excessive number of TCP connections;
Payload Regular Expression - traffic filtering by regular expressions applied to packet payloads;
HTTP Malformed - blocking of HTTP traffic that does not conform to the RFCs;
HTTP Rate Limiting - limiting the number of HTTP requests to the same IP address;
HTTP Scoping - validation of HTTP queries with regular expressions;
SSL Negotiation - blocking of SSL traffic that does not conform to the RFCs;
AIF and HTTP / URL Regular Expression - applying AIF signatures to the analyzed traffic;
SIP Malformed - blocking of SIP traffic that does not conform to the RFCs;
SIP Request Limiting - limiting the number of SIP queries per IP address.
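
The NAT caveat noted under DNS Rate Limiting, set beside DNS NXDomain Rate Limiting, as an added example that is not part of the original post and not any vendor's code. The addresses, rates and limits are constructed, and the blocking behaviour is a simplified assumption.

```python
from collections import defaultdict, deque

class PerSourceLimiter:
    """Sliding window: at most `limit` events per `window_ms` for each source IP."""
    def __init__(self, limit, window_ms=1000):
        self.limit, self.window_ms = limit, window_ms
        self.seen = defaultdict(deque)

    def allow(self, src, ts):
        q = self.seen[src]
        while q and ts - q[0] >= self.window_ms:
            q.popleft()                      # forget events older than the window
        if len(q) >= self.limit:
            return False
        q.append(ts)
        return True

def constructed_traffic(seconds=10, qps=200):
    """Constructed sample, not captured data: (ts_ms, source_ip, rcode) tuples."""
    events = []
    for sec in range(seconds):
        for i in range(qps):
            ts = sec * 1000 + i * (1000 // qps)
            # 200 legitimate clients behind one NAT address; 1 in 50 queries is a typo
            events.append((ts, "198.51.100.1", "NXDOMAIN" if i % 50 == 0 else "NOERROR"))
            # one host querying only non-existent names at the same rate
            events.append((ts, "203.0.113.7", "NXDOMAIN"))
    return sorted(events)

def simulate(events, query_limit=None, nx_limit=None):
    """Return {source_ip: fraction of its queries dropped}."""
    qlim = PerSourceLimiter(query_limit) if query_limit else None
    nxlim = PerSourceLimiter(nx_limit) if nx_limit else None
    blocked, total, dropped = set(), defaultdict(int), defaultdict(int)
    for ts, src, rcode in events:
        total[src] += 1
        if src in blocked or (qlim and not qlim.allow(src, ts)):
            dropped[src] += 1
            continue
        # Simplification: the rcode is known when the query is seen, and a source
        # that exceeds the NXDOMAIN limit stays blocked for the rest of the run.
        if nxlim and rcode == "NXDOMAIN" and not nxlim.allow(src, ts):
            blocked.add(src)
    return {src: round(dropped[src] / total[src], 2) for src in total}

if __name__ == "__main__":
    traffic = constructed_traffic()
    print("per-IP query limit 50/s:   ", simulate(traffic, query_limit=50))
    print("per-IP NXDOMAIN limit 20/s:", simulate(traffic, nx_limit=20))
```

With the plain per-IP query limit the NAT gateway and the flooding host lose the same share of queries, while the NXDOMAIN limit leaves the gateway untouched.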

How it works

Customers who order the DDoS protection service are given protected IP addresses (one address is included in the base rate; additional addresses can be ordered via the control panel). We also allocate a dedicated lane for protected traffic. Traffic from the Internet reaches the protected address through the network of our partners, where it is cleaned.
All illegitimate traffic is dropped in the partner network. Customers receive only cleaned traffic. Outgoing traffic thus reaches the Internet through our infrastructure.