DDoS Protection
What does this service do?
This addon provides you with an affordable source of Denial Of Service protection.
These addresses are available then on your slice for you to use locally, or to tunnel to another machine.
We use the Path Network for our DDoS Protection on all DDoS Protected IPs.
We also offer an option for you to protect your own blocks (no smaller than a /24) of IP addresses.
If you don't know what this is, nor have you been sent an email regarding a nullroute being applied against your IP, it's unlikely you need this :)
How much does it cost ?
Protected IP addresses cost $3.00/month per IP address in all locations we operate.
Bringing your own IP blocks for protection are charged $50/mo per /24.
How much filtering is provided?
Path.net provides 3.5Tbit+ DDOS Protection on all DDOS Protected IPs.
What types of floods does it protect against?
Here is an exhaustive list of floods that our filtering helps protect against:
- TCP SYN + ACK
- TCP FIN
- TCP RESET
- TCP ACK
- TCP ACK + PSH
- TCP Fragment
- TCP (SYN, etc.), ICMP, UDP Floods
- HTTP URL GET/POST Floods
- Malformed HTTP Header Attacks
- Slow-HTTP Request Attacks
- SYN Floods Against SSL Protocols
- Malfromed SSL Attacks
- SSL Renegotiation Attacks
- SSL Exhaustion (Single Source/Distributed Source)
- DNS Cache Poising Attacks
- DNS Request Flood
- SIP Request Floods
- IGMP
- Brute Force
- Connection Flood
- Spoofing / Non-Spoofed
- Mixed SYN + UDP or ICMP + UDP flood
- Ping of Death
- Smurf
- Reflected ICMP and UDP
- Teardrop
- Botnets
- Blackenergy, Darkness, YoYoDDoS, etc
- Common DoS/DDoS Tools
- Slowloris/Pyloris, Pucodex, Sockstress, ApacheKiller
- Voluntary Botnets
- HOIC, LOIC, Etc
- Application Attacks
- Zero-day DDoS attacks
- DDoS attacks targeting Apache, Windows, or OpenBSD vulnerabilities
As well as many others. Some protection may require a ticket to be enabled, namely some of the HTTP layer 7 protection.
In some cases we can get custom rules put in place to help, so be sure to let us know if you see a flood passing through.
What extra features do you include?
You can configure the DDoS Protection firewall, and add Application Filters on Stallion. Please note that the DDoS Protection firewall only works on a path.net protected IP. The firewall rules are configured per IP. To access these settings:
- Go to the VPS that has the address you would like to control.
- Choose the “Networking” tab.
- Press the gear next to the IP address you would like to configure.
- In the dropdown that appears, press “Configure DDOS Protection”
This will take you to the configuration page for the chosen IP. There are two tabs, Firewall Rules and Application Filters.
Firewall rules allow you to block or allow incoming traffic, based on source address, protocol, source and destination ports if applicable, Rules have optional descriptions as well, to allow you to note what the rule covers. More specific rules take precedence over less specific rules. A recommended strategy is to deny all traffic on all protocols, then only allow the traffic you need.
The application filters allow you to protect your applications against attacks that are specific to them.
Path.net currently offers these application filters:
- TeamSpeak 3
- OpenVPN (UDP)
- Half-Life 2 / Source Server
- FiveM Server (BETA)
- RAKNET (Rust, Minecraft Bedrock, Geyser, etc)
- TCP SYNPROXY (any TCP application)
Note: Some filters may require a ticket. (Such as Minecraft or HTTP Layer 7 Protection.)
Is there an SLA?
Our filtering carries a 99.9% uptime SLA.
This SLA does not cover users getting application layer floods.
Where can I order a DDOS protected IP address?
While at checkout, or on the product upgrade page, simply enter how many protected IP addresses you want in the 'DDOS protection' field.
How long do I have to wait to be activated?
DDoS protected IP's are automatically bound at order time. Ordering them at any other time will take anywhere from 5 minutes to a few hours depending on the time of day.
Where can I find my protected IP address once I've been provisioned?
You can find your IP address listed in the networking section in the Stallion.
The DDoS Protected IP should show up and the type should say DDoS Protected in red.
How do I enable my DDoS Protected IP and make it my primary IP?
- Go to Stallion and select the server in question and click “Networking”
- Activate the DDoS Protected IP and turn off the non protected IP if needed.
- Click on the dropdown where it says “Main IP Address” and select your protected IP and click “Save Changes”. Setting this makes this IP be handed out over DHCP.
- Reboot your VPS or restart its' networking.
- Run
curl ipinfo.io
and see if your DDOS Protected IP shows up. If you're using Windows Server 2016 runningcurl ipinfo.io
in Command Prompt should work. If you're using Windows 2012 you may need to open a internet browser and go to ipinfo.io and see if your DDOS Protected IP shows up.
What services will you not protect?
Please abide by our Terms of Service and Acceptable Use Policy for a list of applications allowed on our network.
TL;DR Camfrog is fine.