What is a DDoS attack?
A distributed denial of service (DDoS) is an attack where a person or group of individuals sends a flood of network packets to a server that may lag, crash or completely immobilize the targeted service. DDoS attacks often cannot be tracked back to the source as the attacker(s) use: compromised computers (botnets/stressers), amplify off of a flawed infrastructure or service (NTP, DNS, SNMP, Source Amplified DDoS attack, etc) and use spoofed machines to initiate their attacks. The best way to stop DDoS attacks is to have a hosting provider whom provides actual in-depth DDoS protection.
Our Custom DDoS Protection
Updated on February 7th, 2019
Our custom DDoS protection runs off of our anycast-based network (AS19186) and allows us to provide high PPS (packet per second), application level DDoS mitigation for a broad range of services. We completely rebuilt our custom DDoS mitigation system after we jumped to open our internet service provider (AS19186) and to also open our own location in Dallas, TX. Since we operate our own network, we have more flexibility to be able to offer extremely specific application level DDoS protection in various areas such as Garry's Mod, Rust and Teamspeak 3.
The rest of our DDoS protection is fully custom and cannot be found by any hosting provider not directly partnered with us. Our DDoS protection is designed to only allow traffic to the service(s) that you wish to host, this is one of the many ways that we ensure that our hosted servers are protected from up to 99% of DDoS attacks.
To ensure maximum transparency, we will break down exactly what each of our DDoS Mitigation Layers does below:
DDoS Mitigation Layer One (Preemptive Firewall)
The first layer of our DDoS mitigation system is designed to stop basic but very large UDP based amplification type DDoS attacks. Some examples of what it would block is NTP, DNS, SNMP and UPNP type amplification attacks.
This layer is designed to be able to "gulp" up at least 100 Gbps or more of inbound DDoS attacks towards our clients. This is where our anycast network really comes into play since we are able to expand individual POPs to be able to handle any appropiate load without any saturation related issues.
DDoS Mitigation Layer Two (Custom in-depth Filtration System)
This layer is designed to only allow the specific traffic for the end service that the client chooses.
The third layer of our DDoS mitigation system is designed to protect our clients from any in-depth DDoS attacks. This system is also designed to be stackable, and supports up to at least 100 Gbps.
This layer protects our clients from up to 95% of all DDoS attacks that come through our system.This provides our customers with more in depth and specific DDoS protection.
All other hosts that currently provide DDoS protection are designed to give you more generalized DDoS protection. That means that even if they tell you that they offer a ridiculous amount of DDoS protection capacity such as 480 Gbps, that is no promise at all that their system can detect the attack, let alone filter it.
DDoS Mitigation Layer Three (Custom VSE Guard 2.0)
This is our final fully custom layer in our DDoS mitigation system. The layer is designed to specifically protect our clients against DDoS attacks that target a part of their service(s). An example of where this happens most often is in Garry's Mod and Rust servers, where there are public DDoS attacks that target how the game engine works. An in depth example of this are DDoS attacks that have the same exact packet structure as real traffic which the game engine uses, this is not blockable via traditional forms. The formal name for these attacks are Valve Source Engine floods or exploits. These DDoS attacks currently cannot be properly filtered by any other hosting provider unless they are directly partnered with us.
These attacks are also actually very common, we have clients purchasing dedicated machines from us just to protect themselves from these very in depth DDoS attacks. This is while their hosting provider tells them that it's impossible to properly filter these attacks, they claim that they offer a "solution" to these attacks while they simply apply a rate limit and state that these attacks are absolutely impossible to resolve, which is completely false.
This is a truly custom system that is designed to protect you even further than any other hosting company can offer. Many top servers rely on this system to be able to stay up 24/7 and it also lowers your server's latency in the server browser (Source) which gives you a slight advantage in how your server is shown. When this is combined with our custom IP geo-location and optimized routing, it increases the amount of players that join your server by about 20% which nobody else can offer!
This layer of our DDoS mitigation system protects our clients from the rest of all DDoS attacks that aren't taken care by our other layers. We are able to protect from up to 99.99% of all DDoS attacks even if the attacks are designed to exploit the game's engine, such as a VSE DDoS attack.
We are very realistic with our customers as many other hosting providers advertise to their clients a stupidly high DDoS capacity, such as 480 Gbps for their overall mitigation amount, when in reality their system cannot even detect the attack. Our combined capacity rating that we give to our clients is within 25 Gbps to 65 Gbps of DDoS protection. Please remember that it will always depends on the type of the attack that comes in, if the attack is amplification based, we can protect you from hundreds of gigabits of incoming bandwidth. We will never null route any of our clients unless we absolutely have no other choice given the circumstances.
What attacks do we protect against?
The best perk about choosing our hosting provider is that we do not need to rely on another company for DDoS protection (for our custom layers). In the unlikely scenario that an attack does get through all of our layers, we will do everything to patch it as soon as possible.
Some of the DDoS attacks and floods that we are known to protect our clients from are:
- Random UDP floods
- NTP floods
- DNS floods
- SNMP floods
- UPNP floods
- Valve Source Engine attacks (VSE)
- A2S_GetInfo attacks
- A2S_GetChallenge attacks
- A2S_GetRules attacks
- Rust specific DDoS attacks
- Amplified source engine DDoS attacks.
- Smurf attacks
- RST flood attacks
- All TCP based DDoS attacks
- Quake amplified attacks
- COD4 amplified attacks
- Zombie Detection (Botnet based attacks)
- Internal DDoS attacks
- Source connection flood
- All known UDP amplification attacks.
Please remember that this is only a very small list of some DDoS attacks that we currently filter. If you have any questions or concerns about anything then please contact us here.
We also make custom DDoS Mitigation filters on request for clients regardless of the service as this is usually used with our managed or unmanaged dedicated machines. For example, if you want us to create custom DDoS Mitigation filters for a particular service or even if you made your own game, then we can definitely create it so that you are truly protected against even the most in depth "layer 7" attacks which no other hosting provider truly offers.