Servercore Protection

Servercore Protection

Servercore protection is free of charge and is enabled by default.

Protected Products: Dedicated servers, Cloud platform ( Cloud servers, Managed Kubernetes, Databases).

Protection is provided on  network and transport (L3, L4) layer and protects services from types of attacks:

• UDP-based reflection attacks (DNS, NTP, memcache, etc.);
• attacks using fragmented IP traffic;
• TCP SYN/RST/PSH flood;
• different types of UDP floods;
• different types of ICMP floods.

Servercore protection does not protect against site-level DDoS attacks, application-level (L7) DDoS attacks, or attacks that require simultaneous analysis of traffic in both directions:

• attack with valid TCP connections;
• attacks with valid HTTP and HTTPS requests;
• attacks on bottlenecks or vulnerabilities of the attacked service.

Principle of operation⁠

Servercore protection is automatically enabled for all IP addresses in a standalone Servercore system. Client IP addresses that are routed within the Servercore network are also protected.

When Servercore protection works, only incoming traffic is analyzed, with no restrictions.

Depending on the type of attack detected, filters are dynamically configured on edge routers to block unwanted traffic. If the level of any traffic exceeds a specified threshold, the filter imposes a restriction on its passage through the network. In this case, the traffic is not blocked completely, but only the part of it that is related to a DDOS attack is excluded.

If an attack has a prolonged negative impact on the network infrastructure, incoming traffic can be blocked using blackhole (RTBH). When blocking, a ticket is created. To remove the blocking , write in the ticket. The blocking is automatically lifted after eight hours.