Servercore Protection
Servercore protection is enabled by default for products:
Protection against DDoS attacks
What types of attacks Servercore's defenses reflect
Protection is provided on network and transport (L3, L4) layer and protects services from types of attacks:
- UDP-based reflection attacks (DNS, NTP, memcache, etc.);
- attacks using fragmented IP traffic;
- TCP SYN/RST/PSH flood;
- different types of UDP floods;
- different types of ICMP floods.
What types of attacks Servercore's defenses do not reflect
Servercore protection does not protect against application-level (L7) DDoS attacks, nor against attacks that require simultaneous analysis of traffic in both directions to detect:
- attacks with valid TCP connections;
- attacks with valid HTTP and HTTPS requests;
- attacks on bottlenecks or vulnerabilities of the attacked service.
Principle of operation
Servercore protection is automatically enabled for all IP addresses in the Servercore standalone system.Client IP addresses that are routed within the Servercore network are also protected.
When Servercore protection works, only incoming traffic is analyzed, with no restrictions.
Depending on the type of attack detected, filters are dynamically configured on edge routers to block unwanted traffic.If the level of any traffic exceeds a predetermined threshold, the filter imposes a restriction on its passage through the network.In this case, the traffic is not blocked completely, but only the part of it that is related to the DDoS attack is excluded.
Cost
Servercore protection is provided free of charge.
Limitations
If an attack negatively impacts the network infrastructure for a long period of time, incoming traffic can be blocked using blackhole (RTBH).
If a blocking decision is made, we will create a ticket and send it to you.To remove the blocking, reply in the ticket.Automatically, the blocking is removed after eight hours.