Servercore Protection

Servercore Protection

Servercore protection is free of charge and is enabled by default.

Protected Products: Dedicated servers, Cloud platform (Cloud servers, Managed Kubernetes, Databases).

Protection is provided at network and transport (L3, L4) layer and protects services from attack types:

• UDP-based reflection attacks (DNS, NTP, memcache, etc.);
• attacks using fragmented IP traffic;
• TCP SYN/RST/PSH flood;
• different types of UDP floods;
• different types of ICMP floods.

Servercore protection does not protect against site-level DDoS attacks, application-level (L7) DDoS attacks, or attacks that require simultaneous analysis of traffic in both directions:

• attack with valid TCP connections;
• attacks with valid HTTP and HTTPS requests;
• attacks on bottlenecks or vulnerabilities of the attacked service.

Working principle⁠

Servercore protection is automatically enabled for all IP addresses in a standalone Servercore system. Client IP addresses, which are routed on the Servercore network, are also protected.

When Servercore protection works, only incoming traffic is analyzed, with no restrictions.

Depending on the type of attack detected, filters are dynamically configured on edge routers to block unwanted traffic. If the level of any traffic exceeds the specified threshold, the filter imposes a restriction on its passage through the network. In this case, the traffic is not blocked completely, but only the part of it that is related to the DDOS attack is excluded.

If an attack has a prolonged negative impact on the network infrastructure, incoming traffic can be blocked using blackhole (RTBH). A ticket is created when blocking occurs. To remove the lock write in ticket. The lock is automatically released after eight hours.