DDoS protection

Protection is just $3.00 / IP / month

DDoS mitigation is a set of network management techniques and/or tools, for resisting or mitigating the impact of distributed denial-of-service (DDoS) attacks on networks attached to the Internet, by protecting the target, and relay networks. DDoS attacks are a constant threat to businesses and organizations, by delaying service performance, or by shutting down a website entirely.

The consequences of DDoS attacks differ depending on the type of entity affected. For businesses, the ramifications of such attacks often involve lost sales and customer dissatisfaction. Media outlets and social groups, on the other hand, face the muzzling of their voices when targeted by DDoS attacks. For governments, these attacks can impede their ability to communicate with the public and their employees. For gamers, the effect of DDoS attacks is the loss of competitiveness to their adversaries.

1. Detection – in order to stop a distributed attack, a website needs to be able to distinguish an attack from a high volume of normal traffic. If a product release or other announcement has a website swamped with legitimate new visitors, the last thing the site wants to do is throttle them or otherwise stop them from viewing the content of the website. IP reputation, common attack patterns, and previous data assist in proper detection.

2. Response – in this step, the DDoS protection network responds to an incoming identified threat by intelligently dropping malicious bot traffic, and absorbing the rest of the traffic. Using WAF page rules for application layer (L7) attacks, or another filtration process to handle lower level (L3/L4) attacks such as memcached or NTP amplification, a network is able to mitigate the attempt at disruption.

3. Routing – By intelligently routing traffic, an effective DDoS mitigation solution will break the remaining traffic into manageable chunks preventing denial-of-service.

4. Adaptation – A good network analyzes traffic for patterns such as repeating offending IP blocks, particular attacks coming from certain countries, or particular protocols being used improperly. By adapting to attack patterns, a protection service can harden itself against future attacks.

A good practice is to use a Web Application Firewall (WAF) against attacks, such as SQL injection or cross-site request forgery, that attempt to exploit a vulnerability in your application itself. Additionally, due to the unique nature of these attacks, you should be able to easily create customized mitigations against illegitimate requests which could have characteristics like disguising as good traffic or coming from bad IPs, unexpected geographies, etc. At times it might also be helpful in mitigating attacks as they happen to get experienced support to study traffic patterns and create customized protections.

Some protection methods may require a support ticket to be enabled.