DDoS Protected Shared, Reseller & VPS Hosting
DDoS Protected Elastic-Sites Hosting
It’s no longer a question of knowing if you need Anti-DDoS protection with your hosting, but rather when you will first be the victim of an attack.
DDoS (Distributed Denial of Service) is a growing menace for companies that do business online, but the detection and mitigation of such attacks are expensive and complex, often putting it out of reach for the smaller company or individual.
UnixGuru is committed to automatically protecting your website against any type of DDoS attack, regardless of duration, size or regularity of the attack, but at an affordable price.
- Web services are functioning normally.
- Traffic passes through the backbone of our network then arrives at the data centre.
- Finally, it is handled by our servers sending back their responses over the internet.
- An attack is launched via the internet and on the backbone.
- Given the surplus capacity of the bandwidth on the backbone (3 Tb/s), the attack will not cause saturation on any link.
- The attack reaches the server, which should handle the initial attack.
- Meanwhile, analysis of the traffic flags up that an attack is underway and triggers the DDoS mitigation.
- Within 15 to 120 seconds after the attack has started, the mitigation is activated.
- The traffic coming in towards the server is vacuumed up by the 3 VACs (1 in each of 3 data centres), with a total mitigation capacity of 480 Gbps (3 x 160 Gbps).
- The attack is blocked without duration or size limits, nor any other type of limit.
- Legitimate traffic passes through the VAC to finally reach the server.
- The server responds directly without passing through the VAC again. This process is called auto-mitigation.
- Executing an attack is costly, especially if it’s ineffective.
- After a time, the attack will come to an end.
- Auto-mitigation is maintained for 26 hrs following the attack.
- This means any new wave of attack that occurs within the next few minutes, hours or even 24 hours later will be blocked immediately.
- After 26 hours, auto-mitigation is disabled, but it remains at the ready to be reactivated on detection of another attack.
ALL servers are protected!
- 8 x DNS nodes (dedicated servers) providing your hosting with DNS, each in separate datacentres.
- European Hosting Servers
If you already have DDoS protected hosting, check with your provider is their DNS servers are also DDoS protected, as DNS servers have recently become a more common target for these type of attacks.
DDoS detection is achieved by the using the NetFlow sent by the routers and analysed by the Arbor Peakflow boxes. Routers send a small sample of the traffic that is flowing through them. The Arbor Peakflow boxes analyse the data and compares it to known attack signatures.
If the comparison is positive, mitigation is activated within seconds.
The signatures analysed are based on traffic thresholds of “packets per second” (pps, Kpps, Mpps, Gpps) or “bits per second” (bps, Kbps, Mbps, Gbps) on certain packet types, such as:
- IP Fragment
- NULL IP
- Private IP
- TCP NULL
- TCP RST
- TCP SYN
- Total Traffic
Because specific thresholds need to be triggered, and that only 1/2000 of the actual traffic is analysed, setting up the mitigation usually takes between 15 and 120 seconds, and once mitigation is initiated the attacked IP, stays in mitigation until 26 hours after the traffic drops back below the threshold.
Pre Firewall Stage (Cisco Nexus 7009)
- Fragment UDP
- Size of Packet
- Authorisation of TCP, UDP, ICMP, GRE protocols
- Blocking all other protocols
Firewall Network Stage (Cisco ASR 9001)
- Authorise/block an IP or a sub-network of IPs
- Authorise/block a protocol: IP (all protocols), including, TCP, UDP, ICMP & GRE protocols
- Authorise/block a port or TCP/UDP port interval
- Authorise/block SYN/TCPs
- Authorise/block all packets except SYN/TCPs
Tilera Stage (TILEmpowerGX 36) 36 CPU Cores
- Malformed IP header
- Incorrect IP checksum
- ICMP limitation
- Malformed UDP datagram
- DNS amplification
Arbor Stage (Arbor PeakFlow TMS 4000)
- Malformed IP header
- Incomplete fragment
- Incorrect IP checksum
- Duplicated fragment
- Fragment too long
- IP/TCP/UDP/ICMP packet too long
- Incorrect TCP/UDP checksum
- Invalid TCP flags
- Invalid sequence number
- Zombie detection
- TCP SYN authentication
- DNS authentication
- Badly formed DNS request
- DNS limitation
Other technologies deployed to overcome DDoS
Quadruple Redundant DNS Cluster
- 4 DNS Servers (themselves DDoS protected), load balanced
BitNinja Shared Intelligence Bot-Net / Malicious IP Filtration
Our shared hosting systems all have BitNinja installed. Used by many hosting companies, attacks by IPs are fed back to a central system which notifies all other servers with BitNinja protecting the whole network. By blocking known malicious bots and presenting suspicious IPs with a capture, BitNinja can really block the bad guys and let through the genuine visitors.
Active Firewall (local)
- Limits the number of simultaneous connections from a single IP
- Arrests PORT Flooding attacks
- Blocks SYN Flooding attacks
- Blocks PORT Scanning
- Blocks Brute-Force attacks against:-
- POP Email Account
- IMAP Email Accounts
- SMTP Email Accounts
- FTP Accounts
- Apache/LiteSpeed HTTP Protected Areas
- Popular CMS Systems
LiteSpeed Enterprise WebServer
- LiteSpeed has many Anti-DDoS features including connection and bandwidth throttling.
- Last line of defence against a DDoS.
- Limits the number of simultaneous Apache HTTP connections that can be opened for a single customer.
- Users are isolated from each other, so only the DDoS’d site should be the only site affected, should the other technologies not be enough to arrest the attack.