Anti-DDoS

Your dedicated infrastructures protected against DDoS attacks

 

Mitigation  

Reinforce your infrastructure


It's not a question of knowing if you need anti-DDoS protection but rather when you will first be the victim of an attack. Guard-Host is committed to protecting your project 24/7 against any type of DDoS attack, regardless of duration or size.

Our offers and guaranteed SLA

  Anti-DDoS
Eligibility Included by default
Number of attacks per month Unlimited
Gbps limit of attack Unlimited
Duration of attacks per month Unlimited
Type of attack All
Detection and Auto-Mitigation yes
Multi-point Mitigation 3 points:
Central Europe (SBG)
Western Europe (RBX)
North America (BHS)
3 Tbps Surplus network yes
Firewall Network yes
Tilera yes
Arbor yes
Manager v6 yes

Anti-DDoS

 

All Guard-Host servers will benefit from automatic anti-DDoS mitigation by default in the event of an attack (reactive mitigation).



What is anti-DDoS protection?



The functioning of a DDoS attack


The chances of being targeted by a DDoS attack are great and attempts are numerous.


A DDoS attack aims to render a server, service or an infrastructure unavailable by overloading the server's bandwidth or monopolising its resources until the point of depletion.


During a DDoS attack, a multitude of requests are sent simultaneously from multiple points across the internet. The intensity of this "crossfire" renders the service unstable, or even worse, unavailable.


 

What we offer to protect your services



To protect your servers and services from attacks, offers a mitigation solution based on VAC technology - an exclusive combination of techniques to:


  • Analyse all packets at high speed in real time
  • Vacuum your server's incoming traffic
  • Mitigatei.e. singling out all the illegitimate IP packets, while allowing legitimate ones to pass through

 

Targets and types of attacks



There are three ways of making your site, server or infrastructure unavailable:


  • Bandwidth: this type of attack consists of saturating the server's network capacity, which renders it unreachable.
  • Resources: this type of attack consists of depleting the machine's system resources, which prevents it from responding to legitimate requests.
  • Exploitation of software fault: also called "exploit", this type of attack targets a particular software fault either to make the machine unavailable or to take control of it.


Name of attack OSI level Type of attack Explanation of attack principle
ICMP Echo Request Flood L3 Resource Also called Ping Flood, mass sending of packets implicating the response of the victim, which has the same content as the original packet.
IP Packet Fragment Attack L3 Resource Sending of IP packets that voluntarily reference other packets that will never be sent, which saturates the victims memory.
SMURF L3 Bandwidth ICMP broadcast attack usurping the source address to redirect multiple responses to the victim
IGMP Flood L3 Resource Mass sending of IGMP packets (multi-cast management protocol)
Ping of Death L3 Exploit Sending of ICMP packets which exploit an implementation bug in certain operating systems
TCP SYN Flood L4 Resource Mass sending of TCP connections requests
TCP Spoofed SYN Flood L4 Resource Mass sending of TCP connections requests to usurp the source address
TCP SYN ACK Reflection Flood L4 Bandwidth Mass sending of TCP connections requests to a large number of machines, usurping the victim's source address. The bandwidth of the victim will be saturated by the responses to these requests.
TCP ACK Flood L4 Resource Mass sending of TCP segment delivery receipts
TCP Fragmented Attack L4 Resource Sending of TCP segments that voluntarily reference other segments that will never be sent, which saturates the victim's memory
UDP Flood L4 Bandwidth Mass sending of UDP packets (not requiring a previously-established connection)
UDP Fragment Flood L4 Resource Sending of UDP datagrams that voluntarily reference other datagrams that will never be sent, which saturates the victim's memory
Distributed DNS Amplification Attack L7 Bandwidth Mass sending of DNS requests usurping the source address of the victim, to a large number of legitimate servers. As the response is more voluminous than the question, an amplification of the attack follows
DNS Flood L7 Resource Attack of a DNS server by mass sending of requests
HTTP(S) GET/POST Flood L7 Resource Attack of a web server by mass sending of requests
DDoS DNS L7 Resource Attack of a DNS server by mass sending of requests from a large set of machines which are under the attacker's control
 

 

Contact

We accept