Servercore Protection

Servercore protection is enabled by default for products:

• Dedicated servers
• Cloud servers
• Managed Kubernetes
• Cloud databases

Protection against DDoS attacks

What types of attacks Servercore's defenses reflect

Protection is provided on  network and transport (L3, L4) layer and protects services from types of attacks:

• UDP-based reflection attacks (DNS, NTP, memcache, etc.);
• attacks using fragmented IP traffic;
• TCP SYN/RST/PSH flood;
• different types of UDP floods;
• different types of ICMP floods.

What types of attacks Servercore's defenses do not reflect

Servercore protection does not protect against application-level (L7) DDoS attacks, nor against attacks that require simultaneous analysis of traffic in both directions to detect:

• attacks with valid TCP connections;
• attacks with valid HTTP and HTTPS requests;
• attacks on bottlenecks or vulnerabilities of the attacked service.

Principle of operation

Servercore protection is automatically enabled for all IP addresses in the Servercore standalone system.Client IP addresses that are routed within the Servercore network are also protected.

When Servercore protection works, only incoming traffic is analyzed, with no restrictions.

Depending on the type of attack detected, filters are dynamically configured on edge routers to block unwanted traffic.If the level of any traffic exceeds a predetermined threshold, the filter imposes a restriction on its passage through the network.In this case, the traffic is not blocked completely, but only the part of it that is related to the DDoS attack is excluded.

Cost

Servercore protection is provided free of charge.

Limitations

If an attack negatively impacts the network infrastructure for a long period of time, incoming traffic can be blocked using blackhole (RTBH).

If a blocking decision is made, we will create a ticket and send it to you.To remove the blocking, reply in the ticket.Automatically, the blocking is removed after eight hours.