Skip to main content
DDoS Protection safeguards servers and instances against DDoS attacks. Two protection modes are available: Basic (free, enabled by default on all servers) and Advanced (paid, always-on filtering via a Threat Mitigation System).

Protection modes

Basic protection is on by default at no cost. Advanced protection is a paid add-on that keeps the server online throughout an attack by routing all traffic through the TMS.
FeatureAdvanced protectionBasic protection
Pricing modelPaidFree
Maximum time to recognize an attack5 seconds3 minutes
Attacks it protects fromCommon amplification attacks, IP spoofing attacks, volumetric attacks (L3), connection attacks (L4), application-layer attacks (L5-L7)Common amplification attacks, IP spoofing attacks
Protection technology1. All traffic passes through TMS.

2. In case of an attack, TMS immediately filters the traffic.

3. TMS sends legitimate traffic to the server.
1. Attack is detected.

2. The attacked IP is blocked for a while.
Best forServers attacked frequently, servers attacked at the application layer (L7), servers hosting critical business applicationsServers rarely attacked, servers not hosting critical business applications

Basic protection

Basic protection is enabled by default for all servers. No action is required.

ACL rules

Basic protection uses predefined ACL rules to block the following traffic types:
  • Reflection attacks: DNS, NTP, SSDP, MSSQL, LDAP, SNMP, CharGen, Memcache, Echo, RIP, ARMS
  • Fake source IP attacks: 0/32, 127.0.0.0/8, 192.0.2.0/24, 224.0.0.0/3, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
  • Traffic below 200 Mbit/s per destination IP is not protected
To customize ACL rules, upgrade to Advanced protection.

Null-routing

When Basic protection detects a DDoS attack, the system temporarily blocks the target IP address. This mechanism is known as null-routing: the server is protected from attack traffic but becomes unreachable from the internet for 1 to 24 hours. To keep the service available during an attack, upgrade to Advanced protection.

Advanced protection

Advanced protection routes all traffic through a Threat Mitigation System (TMS) at all times, even when there’s no attack. TMS immediately filters malicious traffic on detection, within 5 seconds, and forwards only legitimate traffic to the server, so the server stays online throughout an attack. To enable Advanced protection, fill out the request form. Our team will review the request and provide a suitable configuration. Setup time is typically 1-3 business days after approval.

DDoS attack statistics

The real-time DDoS attack statistics feature provides a live dashboard with an overview of ongoing attacks on protected resources. Filter by data center, time interval, and attack metrics such as bits per second (bps) and packets per second (pps).
DDoS attack statistics

Pricing

The price for DDoS Protection depends on three factors:
  • OSI layers. Two options are available: L3-L4 and L3-L7. L3-L4 protection is more affordable.
  • TMS bandwidth. Pricing varies based on the TMS bandwidth used to send traffic to the server. Available options: 1 Mbit/s, 10 Mbit/s, 100 Mbit/s, 200 Mbit/s, 500 Mbit/s, 1 Gbit/s, 2 Gbit/s, 10 Gbit/s. The lower the bandwidth, the lower the price.
  • Server location. Prices vary by data center. Contact us and we’ll advise on pricing for a specific location.
Always-on protection is available for L3-L7 protection layers. For custom configurations, contact us to request a tailored plan.