Multi-Layer DDoS Protection

Our DDoS protection infrastructure uses a comprehensive multi-layered approach to defend against attacks. Each layer is designed to handle specific types of threats while maintaining optimal performance for your services.

1. Volumetric Filtering

The first line of defense tackles large-scale DDoS attacks like UDP amplification and reflection attacks. We leverage anycast networking to spread incoming traffic across multiple Points of Presence (POPs), enhancing our ability to mitigate large-scale attacks. The pre-filtering mechanism is capable of filtering out most of the attack volume.

2. Edge Firewall

The edge firewall puts you in control of your traffic filtering. You can instantly deploy and modify rules to allow, block, or rate-limit traffic based on specific protocols, ports, and connection states - all at the edge of our network.

3. General UDP & TCP Filtering

General UDP & TCP Filtering employs advanced in-house developed algorithms and performs deep packet inspection to validate data packets. Using stateful packet inspection, we track and verify active connections to distinguish between legitimate users and potential threats. The system continuously adapts its filtering rules based on real-time traffic patterns, providing dynamic protection against emerging threats.

4. Anomaly Detection

Machine learning-powered anomaly detection acts as an intelligent guardian, identifying and blocking suspicious traffic patterns in real-time. This proactive approach protects services from unknown attack patterns. Continuously learning from historical traffic patterns, the system improves its accuracy over time, effectively mitigating complex attack patterns while minimizing false positives through behavioral analysis.

5. Application Filters

We’ve developed specialized filters for specific applications to ensure only legitimate traffic of that application gets through. These filters verify both payload contents and traffic patterns, automatically blocking any traffic that doesn’t match the expected behavior. We currently support:

  • FiveM
  • Wireguard
  • OpenVPN
  • Source Engine

Custom filters can be developed for other applications upon request.

For FiveM servers, we’ve allocated a dedicated port range from 30000 to 32000. Your FiveM servers must operate within this range for proper functionality. Remember that even when using these designated ports, you’ll still need to apply the FiveM application filter for complete DDoS protection.

Time to Mitigate

Our protection system is engineered for rapid response. Known attack patterns are blocked instantly, while new, previously unseen attack types are typically detected and mitigated within 10 seconds.