User Tools

Site Tools


ddos

This is an old revision of the document!


A PCRE internal error occured. This might be caused by a faulty plugin

====== DDOS Protection ====== ===== What does this service do? ===== This addon provides you with an affordable source of [[http://en.wikipedia.org/wiki/Denial-of-service_attack|Denial Of Service]] protection. If you don't know what this is, nor have you been sent an email regarding a nullroute being applied against your IP, it's unlikely you need this :) ===== How much does it cost ? ===== Protected IP addresses cost $3.00/month per IP address in all locations we operate. ===== How much filtering is provided? ===== We provide over 140 million packets-per-second of filtering or over 100gbit/sec for volumetric floods. This amount of protection is **not** dedicated to you but is a pool all protected users share from in each location. ===== What types of floods does it protect against? ===== Here is an exhaustive list of floods that our filtering helps protect against: * TCP SYN + ACK * TCP FIN * TCP RESET * TCP ACK * TCP ACK + PSH * TCP Fragment * TCP (SYN, etc.), ICMP, UDP Floods * HTTP URL GET/POST Floods * Malformed HTTP Header Attacks * Slow-HTTP Request Attacks * SYN Floods Against SSL Protocols * Malfromed SSL Attacks * SSL Renegotiation Attacks * SSL Exhaustion (Single Source/Distributed Source) * DNS Cache Poising Attacks * DNS Request Flood * SIP Request Floods * IGMP * Brute Force * Connection Flood * Spoofing / Non-Spoofed * Mixed SYN + UDP or ICMP + UDP flood * Ping of Death * Smurf * Reflected ICMP and UDP * Teardrop * Botnets * Blackenergy, Darkness, YoYoDDoS, etc * Common DoS/DDoS Tools * Slowloris/Pyloris, Pucodex, Sockstress, ApacheKiller * Voluntary Botnets * HOIC, LOIC, Etc * Application Attacks * Zero-day DDoS attacks * DDoS attacks targeting Apache, Windows, or OpenBSD vulnerabilities As well as many others. Some protection may require a ticket to be enabled, namely some of the HTTP layer 7 protection. In some cases we can get custom rules put in place to help, so be sure to let us know if you see a flood passing through. ===== What extra features do you include? ===== You can configure your DDOS protection to your preferred mode within Stallion: {{:ddos1.png?400|}} {{:ddos2.png?400|}} In ''sensing mode'', no filters/blocks are put in place until a DDOS attack is detected. Be aware that this mode isn't perfect and leaks can happen. When a flood is detected, or if you use ''always on'' mode, the following ACL's are enforced: {{:voxacl.png|}} These ACL's are for the most part set in stone. We can request for ports to be opened but there is no guarantee. ===== What subnets does the the Layer 7 protection use? ===== Layer 7 protection connections will come from the following subnets. | 5.254.110.0/26 | | 93.115.83.64/26 | | 93.115.90.64/26 | | 5.254.108.64/26 | | 5.254.107.0/26 | You'll need to configure your webserver to assign the users connecting IP from the ''X_FORWARDING_FOR'' field. In NGINX you'll want to use a setup like: <code> set_real_ip_from 5.254.110.0/26 set_real_ip_from 93.115.83.64/26 set_real_ip_from 93.115.90.64/26 set_real_ip_from 5.254.108.64/26 set_real_ip_from 5.254.107.0/26 real_ip_header X_FORWARDING_FOR; </code> For Apache you'll have to install [[https://github.com/gnif/mod_rpaf|mod_rpaf]] to do this for you. ===== Is there an SLA? ===== Our filtering carries a 99.9% uptime SLA. This SLA does not cover users getting application layer floods. ===== Where can I order a DDOS protected IP address? ===== While at checkout, or on the product upgrade page, simply enter how many protected IP addresses you want in the 'DDOS protection' field. ===== How long do I have to wait to be activated? ===== DDOS protected IP's are automatically bound at order time. Ordering them at any other time will take anywhere from 5 minutes to a few hours depending on the time of day. ===== Where can I find my protected IP address once I've been provisioned? ===== You can find your IP address listed in [[https://manage.buyvm.net|Stallion]]. {{ :ddosip.png?nolink |}} ===== What services will you not protect? ===== Please abide by our [[https://my.frantech.ca/tos.php|Terms of Service]] and [[https://my.frantech.ca/aup.php|Acceptable Use Policy]] for a list of applications allowed on our network. TL;DR Camfrog is fine.

ddos.1431554247.txt.gz · Last modified: 2015/05/13 14:57 by Francisco Dias