User Tools

Site Tools


ddos

DDOS Protection

What does this service do?

This addon provides you with an affordable source of Denial Of Service protection.

If you don't know what this is, nor have you been sent an email regarding a nullroute being applied against your IP, it's unlikely you need this :)

How much does it cost ?

Protected IP addresses cost $3.00/month per IP address in all locations we operate.

How much filtering is provided?

We provide over 140 million packets-per-second of filtering or over 100gbit/sec for volumetric floods.

This amount of protection is not dedicated to you but is a pool all protected users share from in each location.

What types of floods does it protect against?

Here is an exhaustive list of floods that our filtering helps protect against:

  • TCP SYN + ACK
  • TCP FIN
  • TCP RESET
  • TCP ACK
  • TCP ACK + PSH
  • TCP Fragment
  • TCP (SYN, etc.), ICMP, UDP Floods
  • HTTP URL GET/POST Floods
  • Malformed HTTP Header Attacks
  • Slow-HTTP Request Attacks
  • SYN Floods Against SSL Protocols
  • Malfromed SSL Attacks
  • SSL Renegotiation Attacks
  • SSL Exhaustion (Single Source/Distributed Source)
  • DNS Cache Poising Attacks
  • DNS Request Flood
  • SIP Request Floods
  • IGMP
  • Brute Force
  • Connection Flood
  • Spoofing / Non-Spoofed
  • Mixed SYN + UDP or ICMP + UDP flood
  • Ping of Death
  • Smurf
  • Reflected ICMP and UDP
  • Teardrop
  • Botnets
  • Blackenergy, Darkness, YoYoDDoS, etc
  • Common DoS/DDoS Tools
  • Slowloris/Pyloris, Pucodex, Sockstress, ApacheKiller
  • Voluntary Botnets
  • HOIC, LOIC, Etc
  • Application Attacks
  • Zero-day DDoS attacks
  • DDoS attacks targeting Apache, Windows, or OpenBSD vulnerabilities

As well as many others. Some protection may require a ticket to be enabled, namely some of the HTTP layer 7 protection.

In some cases we can get custom rules put in place to help, so be sure to let us know if you see a flood passing through.

What extra features do you include?

You can configure your DDOS protection to your preferred mode within Stallion:

In sensing mode, no filters/blocks are put in place until a DDOS attack is detected. Be aware that this mode isn't perfect and leaks can happen. When a flood is detected, or if you use always on mode, the following ACL's are enforced:

These ACL's are for the most part set in stone. We can request for ports to be opened but there is no guarantee.

What subnets does the the Layer 7 protection use?

Layer 7 protection connections will come from the following subnets.

93.115.83.64/26
93.115.90.64/26
5.254.88.64/26
5.254.110.0/26
5.254.107.0/26
5.254.115.128/26
5.254.108.64/26

You'll need to configure your webserver to assign the users connecting IP from the X_FORWARDING_FOR field. In NGINX you'll want to use a setup like:

set_real_ip_from 93.115.83.64/26;
set_real_ip_from 93.115.90.64/26;
set_real_ip_from 5.254.88.64/26;
set_real_ip_from 5.254.110.0/26;
set_real_ip_from 5.254.107.0/26;
set_real_ip_from 5.254.115.129/26;
set_real_ip_from 5.254.108.64/26;
real_ip_header X-Forwarded-For;

For Apache 2.2 you'll have to install mod_rpaf to do this for you.

For Apache 2.4 you'll want to install mod_remoteip. You'll want to configure mod_remoteip the following way:

RemoteIPHeader X-Real-IP
RemoteIPInternalProxy 93.115.83.64/26
RemoteIPInternalProxy 93.115.90.64/26
RemoteIPInternalProxy 5.254.88.64/26
RemoteIPInternalProxy 5.254.110.0/26
RemoteIPInternalProxy 5.254.107.0/26
RemoteIPInternalProxy 5.254.115.129/26
RemoteIPInternalProxy 5.254.108.64/26

Is there an SLA?

Our filtering carries a 99.9% uptime SLA.

This SLA does not cover users getting application layer floods.

Where can I order a DDOS protected IP address?

While at checkout, or on the product upgrade page, simply enter how many protected IP addresses you want in the 'DDOS protection' field.

How long do I have to wait to be activated?

DDOS protected IP's are automatically bound at order time. Ordering them at any other time will take anywhere from 5 minutes to a few hours depending on the time of day.

Where can I find my protected IP address once I've been provisioned?

You can find your IP address listed in Stallion.

What services will you not protect?

Please abide by our Terms of Service and Acceptable Use Policy for a list of applications allowed on our network.

TL;DR Camfrog is fine.

ddos.txt · Last modified: 2016/05/08 02:24 by Francisco Dias