Protection Against DOS and DDOS attacks

VAS EXPERTS DPI has built-in protection against Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks – these are types of attacks on computer systems, when users cannot access the provided system resources or this access is difficult.

The attack is carried out from the attacker’s computer or entire network (botnet) of devices, and this can be any device having access to the Internet (router, TV, tablet, etc.). User may not know that attack is carried out from his or her device. In this case, protection of remote resources and applications should be performed by the carrier’s equipment.

  • Performance up to 20 million packets per second, depending on the configuration.
  • Protection against TCP SYN Flood and fragmented UDP Flood.
  • Protection against DDoS (LOIC etc) basing on The Turing Test (Human Detection).
  • Dynamic control of the bandwidth, common and up to a separate IP.
  • Prioritization by common bandwidth and separate IP protocols.

CONTACT US

Specifics

Using the Turing test (pages with CAPTCHA) to protect against DDoS The Turing Test (CAPTCHA pages) to protect against DDoS

This computer test determines who the user of the system is - a person or a computer.

If the threshold value is exceeded, for example, the number of requests per second comfortable for the site, the protection is activated and the user needs to enter information from CAPTCHA to confirm that he or she is not involved in the botnet network, and only then access to the site will be allowed.

After confirmation, the user is entered into the “white list” and is no longer subject to checks.

TCP SYN Flood Protection from DoS TCP SYN Flood protection against DoS

SYN Flood attack causes an increased consumption of resources of the attacked system. Denial of service occurs when the flow of SYN-flood is 100 000 - 500 000 packets per second. At the same time, even a gigabit channel will allow an attacker to send to the attacked site a stream of up to 1.5 million packets per second.

VAS EXPERTS DPI detects independently an attack on exceeding a specified threshold of unconfirmed SYN requests and, instead of the protected site, responds to SYN requests and organizes a TCP session with the protected site after confirmation of the request by the client.

Fragmented UDP Flood защита от DoS Fragmented UDP Flood protection against DoS

This type of attack is carried out by fragmented udp-packets, usually a short one, for the assembly and analysis of which the attacked platform is forced to spend a lot of resources.

Protection is carried out by discarding a set of protocols that is irrelevant for the protected site or rigid restriction of them over a passed band.

WANT TO LEARN MORE ABOUT OUR PRODUCTS?
SEND YOUR REQUEST!