Service Spotlight: DDoS Filtering

DDoS Filtering

Features

  • On Demand or Always On Protection
  • Comprehensive Layer 7 Filtering
  • Upto 200Gb/s Protection
  • Upto 128 Million Connections
  • Corero SmartWall Devices

Statistics from our filtering

  • 22,985 Attacks Filtered in 2020
  • Largest Attack of 120Gb/s
  • Average Mitigation Time of 45 Seconds for On Demand Filtering
  • 99.99% Uptime of Fraction Servers Scrubbing Centres

Neustar Reported Attack Sizes in 2020:

100 Gbps and above
967%
50 Gbps to 100 Gbps
557%
25 Gbps to 50 Gbps
206%
5 Gbps and below
81%
5 Gbps and below
257%



Research shows that the average DDoS attack in 2020 uses more than 1 Gbps of data, which is more than enough to scuttle most small-to-medium-sized websites. Further, we’ve seen a significant increase in the average length, with most attacks now lasting 30 minutes to an hour, instead of ten minutes or less as in previous years.

How We Can Help/Our DDoS Filtering Services

Unlike many providers Fraction Servers operate a dedicated “scrubbing centre” to actively filter malicious DDoS traffic, whilst some providers will simply switch off or “null route” the IP under attack all of our customers benefit from on demand DDoS filtering as standard.

Our scrubbing centre utilises Corero SmartWall Network Threat Defense which is the most powerful DDoS mitigation engine available and our unique algorithmic architecture is designed to provide a very high assurance of passing good traffic while mitigating bad traffic protection against all 25 classes of DDoS attacks.

TCP Based (SYN Flood, SYN-ACK Flood, ACK & PUSH ACK Flood, Fragmented ACK, RST or FIN Flood, Synonymous Flood, Fake Session, Session Attack, Misused Application);

TCP-HTTP Based (HTTP Fragmentation, Excessive VERB, Excessive VERB Single Session, Multiple VERB Single Request, Recursive GET, Random Recursive GET, Faulty Application);

UDP Based (UDP Flood, Fragmentation, DNS Flood, VoIP Flood, Media Data Flood, Non-Spoofed UDP Flood);

ICMP Based (ICMP Flood, Fragmentation, Ping Flood)

On Demand Protection

All customers are protected by our On Demand protection as standard which operates as follows:

Normal Operation: Traffic is routed directly from our edge routers to our core network which forms the gateway for your server’s internet connection. Our in house monitoring and flowspec systems constantly monitor for attack traffic.

When Under Attack: Our in house monitoring systems will drop common attack traffic at our edge routers, and all other traffic is routed via one of our “scrubbing centres”. These scrubbing centres provide upto 200Gb/s of protection each filtering out any DDoS traffic and routing any legitimate traffic through to your server.

Once the Attack has Stopped: Our monitoring systems constantly analyse incoming traffic and once the attack has stopped traffic is re-routed directly to your server.

Always On Protection

Customers can opt for Always On DDoS Protection as an additional cost service, with this option traffic is permanently routed through one of our scrubbing centres providing the lowest possible mitigation response time for those customer’s that are highly vulnerable to attacks.

 
  • This option provides:
  • Full attack visibility and real time reporting
  • Algorithmic learning
  • Full customisation
  • Algorithmic learning
  • View attack IPs and country of origins