How to mitigate SYN Flood DDoS attacks more effectively

We launch a stand-alone solution for protection against SYN Flood DDoS attacks.

In cooperation with Intel, we’ve developed an XDP-based solution (eBPF) that provides effective mitigation of DDoS attacks with little to no impact on overall latency. The new XDP-based solution eliminates the need for a dedicated DDoS protection server.

About SYN Flood

SYN Flood is a type of a denial-of-service attack that is designed to make an online network or system inaccessible by causing a flood of TCP (Transmission Control Protocol) requests to a server. The attacker sends short bursts of SYN messages into the ports leaving the connections open and available. This can exhaust the server resources and result in users being blocked from entering or using the network.

Effectiveness based on Intel processors and our CDN

To provide its customers with better protection against such attacks, we have developed a stand-alone solution based on 3rd generation Intel® Xeon® Scalable processors. This new type of solution eliminates the need for a dedicated DDoS protection server and evenly distributes volumetric attacks across CDN servers, decreasing the performance requirements for every individual CDN node.

Approved by Wargaming

We have trialed this method of protection both in test labs and alongside our customer, online gaming giant, Wargaming. To fight DDoS attacks, Wargaming adds a signature to every UDP packet from an end user’s device to the game server. We helped Wargaming to ‘offload’ the checks from their network by applying this countermeasure on our servers, so that only ‘clean’ traffic could reach the customers. When an attack occurs, all traffic with invalid signatures is routed to our servers, and only validated traffic reaches the protected gaming server.

Future of the joint solution

Such testing of XDP-based solutions for protection against SYN Flood attacks has proven successful for our customers in shared scenarios when DDoS protection suite executes on every CDN node. This perfectly suits our long-term goals and serves to facilitate our continued partnership with Intel. This case also sets an encouraging precedent for further joint testing that will ensure that our solution can always provide the best protection to our customers.

“Our long-term cooperation with Intel in developing the solution guarantees many things for the future. First of all, it’s the flexibility of the development for the customer and providing faster technical support. And secondly, it’s the possibility of further joint testing and upgrading the solution with the latest Intel processors available to us at the earliest possible stage to provide the best protection for our customers.”

Head of Cybersecurity at Gcore, Andrey Slastenov

Get server protection