DDoS attacks: Filtering accurately and efficiently

DDoS attacks are becoming more widespread. They are used to disrupt services and servers, and they can be very destructive because they can take down your entire website or network without you even knowing about it. These attacks are becoming more popular because they can be carried out by those with little technical knowledge.

DDoS attacks are often carried out by botnets, which are networks of compromised computers controlled by a single user or group of users. The computers in a botnet are infected with malware that allows the attacker to control them remotely.

The goal of these attacks is to overwhelm a server or network with traffic so it cannot handle legitimate requests, effectively “hijacking” the system’s bandwidth or processing power. The user may not notice anything wrong until their website stops responding while trying to load content or while trying to connect to a server on another continent.

DDoS attack schema

The best way to protect yourself from DoS and DDoS attacks is through good cybersecurity practices, including choosing your hosting provider wisely and, for small to medium scale servers, closing your unused ports.

The BGP flow specification (flowspec) feature allows you to rapidly deploy and propagate filtering and policing functionality among a large number of BGP peer routers to mitigate the effects of a distributed denial-of-service (DDoS) attack over your network.

In traditional methods for DDoS mitigation, such as RTBH (remotely triggered blackhole), a BGP route is injected advertising the website address under attack with a special community. On the border routers, this community sets the next hop to a discard/null next hop, thus preventing traffic from suspect sources from entering your network. While this offers good protection, it makes the server completely unreachable.

BGP flowspec, on the other hand, allows for a more granular approach and lets you effectively construct instructions to match a particular flow with source, destination, L4 parameters and packet specifics such as length, fragment and so on. Flowspec allows for a dynamic installation of an action at the border routers to either:
• Drop the traffic
• Inject it in a different VRF for analysis or
• Allow it, but police it at a specific defined rate
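
How one such rule and the three actions listed above look on the wire, as an added example (not code from the original page), encoded in the RFC 8955 flowspec format. The server address, port, packet-length range and route target are constructed values chosen for illustration.

```python
import ipaddress
import struct

# Flowspec component type codes and numeric-operator comparison bits (RFC 8955).
DST_PREFIX, SRC_PREFIX, IP_PROTO, DST_PORT, PKT_LEN = 1, 2, 3, 5, 10
LT, GT, EQ = 0x04, 0x02, 0x01

def prefix(ctype, cidr):
    """Prefix component: type, prefix length in bits, then only the needed bytes."""
    net = ipaddress.ip_network(cidr)
    nbytes = (net.prefixlen + 7) // 8
    return bytes([ctype, net.prefixlen]) + net.network_address.packed[:nbytes]

def numeric(ctype, *terms):
    """Numeric component: (comparison, value) terms, ANDed together."""
    out = bytearray([ctype])
    for i, (cmp_bits, value) in enumerate(terms):
        size = 1 if value < 256 else 2            # 1- or 2-byte operand (max 65535)
        op = cmp_bits | ((size - 1) << 4)         # len field: operand is 1 << len bytes
        op |= 0x40 if i else 0                    # AND with the previous term
        op |= 0x80 if i == len(terms) - 1 else 0  # end-of-list marker
        out += bytes([op]) + value.to_bytes(size, "big")
    return bytes(out)

def nlri(*components):
    """Flowspec NLRI: components ordered by type, prefixed by a 1-byte length."""
    body = b"".join(sorted(components, key=lambda c: c[0]))
    assert len(body) < 240, "longer rules need the 2-byte length form"
    return bytes([len(body)]) + body

def traffic_rate(bytes_per_sec, asn=0):
    """Extended community 0x8006: police to a rate; a rate of 0 means drop."""
    return struct.pack(">BBHf", 0x80, 0x06, asn, bytes_per_sec)

def redirect_vrf(asn, value):
    """Extended community 0x8008: redirect into the VRF importing RT asn:value."""
    return struct.pack(">BBHI", 0x80, 0x08, asn, value)

# Constructed rule: UDP to one game-server port, packets of 1000 to 1500 bytes.
RULE = nlri(
    prefix(DST_PREFIX, "203.0.113.10/32"),
    numeric(IP_PROTO, (EQ, 17)),
    numeric(DST_PORT, (EQ, 27015)),
    numeric(PKT_LEN, (GT | EQ, 1000), (LT | EQ, 1500)),
)
DROP = traffic_rate(0)                # drop the traffic
ANALYZE = redirect_vrf(64512, 666)    # hypothetical route target of an analysis VRF
POLICE = traffic_rate(125000.0)       # allow, policed to 1 Mbit/s (in bytes/s)
```

Unlike an RTBH route for 203.0.113.10/32, this rule leaves every other flow to the same address untouched.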

The positive security model starts from a “block everything” approach, and whatever you allow is the positive set. The model builds on this by permitting specific, approved traffic, actions and other functions. Due to its positive behavior of allowing only traffic “which is positive”, this model is mostly used by operating systems and firewalls, and it is felt to be safer.

We've started developing complex filtering for game servers because gamers were in need of it. Lots of people were tired of attacks that take down their servers and of companies that weren’t interested in or able to fix them. We offer guaranteed 99.9% of the malicious traffic filtering.

Our filtering solutions are based on the latest technologies and are designed to protect your server from DDoS and DoS attacks: no more compromises, no more downtime, no more problems.

We have programmed an automation that captures the malicious traffic that is reaching your server if our filtering solutions fail to filter the attack. The captured attack will then be fixed in under 36 hours. This measure allows us to explore the attacks used and be ahead of hackers that try to take your services offline.

We are reaching up to 99% of malicious traffic filtering on our network by using a positive security model. Our filtering profiles are custom made and applied in house in order to reach the best performance and latency. We offer a 3,4 Tbps total filtering capacity, with the possibility to filter complex attacks that may bypass the transit filtering up to 100 M PPS.