Q: How does your DDOS Protection work?

A: Every single IP that receives traffic from Internet through Voxility may be protected against any type of DDoS attack (volumetric and layer7).

A network sensor detects instantly when an attack occurs and redirects traffic in seconds from the affected IP to the mitigation cloud. Redirection stops within minutes after the attack ends. Additional security features like ACL can be added.

Simple deployment - delivered identically as an ISP upstream link, this means you will connect your edge router to us, as you usually do with any other ISP through a classic cross-connect and BGP setup. If direct link is not an option - you may connect remotely via regular BGP tunneling.

Automated detection & filtering - traffic will be automatically and instant filtered only during an attack. Layer 7 (including HTTPS) is by default enabled, but it can be disabled for each IP. You have the choice to maintain Voxility in routing or not. You obviously can add in routing other anti-ddos providers.

It works with any port/any application and you get to announce as many subnets as you want. You will receive access to Voxility API which will allow you to dynamically interact with our system to update the status protection, enable/disable layer7 filtering, retrieve statistics, upload SSL certificates etc.

Q: How do you protect against network device attacks such as routers, firewalls, switches?

A: The procedure is the same as for all other DDoS attacks, we inspect IP packets.

Q: For gaming applications, what is typical latency for customers, regardless the location?

A: To check the latency please traceroute one of our IPs so you can see how the traffic is routed. Latency will increase at maximum with the latency between your service location and the nearby Security Cloud. We run close to 20 Security Scrubbing centers in US and Europe and your service will be connected to the one that has the lowest latency back to your network. Still, routes will not be as direct as they are coming from end-user datacenter.

Q: How long does mitigation take to happen?

A: DDoS detection has 2 states:

  • "always on" > traffic towards these IPs is always filtered, detection and mitigation are instant, good for services that are very sensitive to abrupt load of traffic, but we do not recommend this status unless is necessary
  • "sensor" > detects and redirects the traffic to Voxility Scrubbing Cloud only when an attack is detected

It really depends on how you decide the solution should solve the attacks, but in average the solution is designed to treat all DDoS events in a matter of seconds.

Q: How are SSL attacks mitigated?

A: If you are using our anti ddos with layer 7 filtering (reverse proxy), when you receive an attack toward web server port 80, the content of your site is cached by DoS filter. Only non-cached filtered traffic will reach your server. Reverse Proxy is an army of web servers that cache your content and multiplies the capacity of your server hundreds of times. As a side effect it accelerates web-content delivery. Content that cannot be cached is passed to your server after the user-initiated session is checked against possible malformations.

Q: What is Standard vs. Expert SLA for Anti-DDoS?

A: Standard anti-DDoS SLA applies to the service "as-is" without the possibility of modifying the features.

If you opt for Expert SLA you can choose to fine tune the anti-DDoS filter in a way that makes it more effective for your business (for example if you want leave unfiltered a type of pattern which would usually be considered "attack-type" because it interferes with your legitimate traffic).

Another type of service covered by expert SLA is the fine tuning of our edge firewall (which is a component of the anti-DDoS filter) in order to stop or add a new filter for a specific traffic pattern which is not listed as "dangerous" by our internal database.

need edit : sysctl.conf 

net.ipv4.ip_local_port_range=32768 61000

net.ipv4.tcp_dsack=0

net.ipv4.tcp_ecn=0

net.ipv4.tcp_fack=0

net.ipv4.tcp_fin_timeout=1

net.ipv4.tcp_keepalive_intvl=10

net.ipv4.tcp_keepalive_probes=3

net.ipv4.tcp_keepalive_time=30

net.ipv4.tcp_low_latency=1

net.ipv4.tcp_max_orphans=524288

net.ipv4.tcp_max_syn_backlog=1024

net.ipv4.tcp_no_metrics_save=1

net.ipv4.tcp_retries2=10

net.ipv4.tcp_sack=1

net.ipv4.tcp_slow_start_after_idle=0

net.ipv4.tcp_synack_retries=3

net.ipv4.tcp_syncookies=2

net.ipv4.tcp_timestamps=1

net.ipv4.tcp_tw_recycle=1

net.ipv4.tcp_tw_reuse=1

net.ipv4.tcp_window_scaling=1

Link :

About Anti-DDoS

Source



Sunday, May 17, 2020





« Back