DDOS Protection and Mitigation
At HostingFuze Network we understand how important uptime is for your sites. That is why we include Free DDOS Mitigation with all of our hosting services. The DDOS Mitigation system constantly monitors network traffic and diverts malicious traffic to a filtering appliance while allowing good traffic to continue through.
Included Features & Services with ALL Hosting Services
Defends against known, unknown and evolving DoS, DDoS and other volumetric attacks.
Defends against attacks via TCP, UDP, IP protocols, Invalid IP packets, ICMP types, Time To Live field, packets lengths, and more
Receive up to the minute notifications of attacks, mitigation and resolution of DOS and DDOS attacks.
With over 230Gbps of Global Routing capacity we can handle the largest of attacks.
Our highly trained team of security specialists monitor the network ensuring it is running at its peak performance.
Our support team is here 24 hours a day, 7 days a week, 365 days a year monitoring your services and ensuring it stays online.
About DDOS Protection
Anti-DDoS Tunnel for Networks
The Anti-DDoS Tunnel is the quickest way for an entire Network and its downstream customers to be protected against volumetric or application specific DDoS attacks. It is a completely automated solution that filters the traffic only when an attack is detected. It is compatible with all edge routers supporting GRE or L2TP and gives the Network total control of which subnets are advertised through this tunnel via BGP advertisements.
with Free Download IP transit
The Secure Uplink is the most efficient and simple way for an Internet Service Provider (ISP) to protect its network and its downstream customers against volumetric or application specific DDoS attacks of up to 1 Tbps. By just adding a new upstream provider in its current list of peers, the ISP obtains immediately a completely automated solution that filters DDoS attacks for all subnets advertised through BGP to this line.
What does this service do?
This addon provides you with an affordable source of Denial Of Service protection.
If you don’t know what this is, nor have you been sent an email regarding a nullroute being applied against your IP, it’s unlikely you need this 🙂
How much does it cost ?
All service (hosting, vps, dedicated, games, teamspeak) include free DDoS protection by Voxility.
Aditional protected IP addresses cost $3.00/month per IP address in all locations we operate.
How much filtering is provided?
We provide over 999+ million packets-per-second of filtering or over 1Tbit/sec for volumetric floods.
This amount of protection is not dedicated to you but is a pool all protected users share from in each location.
What types of floods does it protect against?
Here is an exhaustive list of floods that our filtering helps protect against:
- TCP SYN + ACK
- TCP FIN
- TCP RESET
- TCP ACK
- TCP ACK + PSH
- TCP Fragment
- TCP (SYN, etc.), ICMP, UDP Floods
- HTTP URL GET/POST Floods
- Malformed HTTP Header Attacks
- Slow-HTTP Request Attacks
- SYN Floods Against SSL Protocols
- Malfromed SSL Attacks
- SSL Renegotiation Attacks
- SSL Exhaustion (Single Source/Distributed Source)
- DNS Cache Poising Attacks
- DNS Request Flood
- SIP Request Floods
- Brute Force
- Connection Flood
- Spoofing / Non-Spoofed
- Mixed SYN + UDP or ICMP + UDP flood
- Ping of Death
- Reflected ICMP and UDP
- Blackenergy, Darkness, YoYoDDoS, etc
- Common DoS/DDoS Tools
- Slowloris/Pyloris, Pucodex, Sockstress, ApacheKiller
- Voluntary Botnets
- HOIC, LOIC, Etc
- Application Attacks
- Zero-day DDoS attacks
- DDoS attacks targeting Apache, Windows, or OpenBSD vulnerabilities
As well as many others. Some protection may require a ticket to be enabled, namely some of the HTTP layer 7 protection.
In some cases we can get custom rules put in place to help, so be sure to let us know if you see a flood passing through.
What subnets does the the Layer 7 protection use?
Layer 7 protection connections will come from the following subnets.
You’ll need to configure your webserver to assign the users connecting IP from the
X_FORWARDING_FOR field. In
NGINX you’ll want to use a setup like:
set_real_ip_from 126.96.36.199/26; set_real_ip_from 188.8.131.52/26; set_real_ip_from 184.108.40.206/26; set_real_ip_from 220.127.116.11/26; set_real_ip_from 18.104.22.168/26; set_real_ip_from 22.214.171.124/26; set_real_ip_from 126.96.36.199/26; real_ip_header X-Forwarded-For;
For Apache 2.2 you’ll have to install mod_rpaf to do this for you.
For Apache 2.4 you’ll want to install
mod_remoteip. You’ll want to configure
mod_remoteip the following way:
RemoteIPHeader X-Real-IP RemoteIPInternalProxy 188.8.131.52/26 RemoteIPInternalProxy 184.108.40.206/26 RemoteIPInternalProxy 220.127.116.11/26 RemoteIPInternalProxy 18.104.22.168/26 RemoteIPInternalProxy 22.214.171.124/26 RemoteIPInternalProxy 126.96.36.199/26 RemoteIPInternalProxy 188.8.131.52/26
Is there an SLA?
Our filtering carries a 99.9% uptime SLA.
This SLA does not cover users getting application layer floods.