We protect our network very effectively against DDOS attacks by using our own detection software + filters as well as Voxility. The protection automatically detects and filters "bad traffic" and protects IP addresses against DDOS attacks up to 1.600GBps.
If you want to protect a website (HTTP or HTTPS) against DDOS attacks, we additionally recommend the use of Layer 7 Protection for higher efficiency. A DDOS attack can be detected and filtered much faster with Layer 7 Protection. When using SSL, it makes sense to store the certificate in the firewall software.
During an attack, the server remains accessible and you can use the services normally. Non-relevant ports are blocked as long as the attack persists, e.g. icmp for ping.
There are different types of DDoS (Distributed Denial of Service) attacks. Basically, a DDoS is a "denial of service" that is deliberately caused by a large number of requests and thus leads to an overload of the data network or the server.
DDoS attacks can target different layers (see ISO/OSI layer model). Compared to earlier versions, current DDoS attacks often target the top layer (Layer 7). Layer 7 is the application layer and serves to provide functions for the applications and is responsible for data input and output.
Layer 7 attacks specifically target Layer 7 protocols such as Telnet, FTP, NNTP, HTTP or SMTP. Compared to other DDoS attacks, Layer 7 attacks require far less bandwidth and packets to disrupt services. A low-level protocol attack such as SYN flood requires a huge number of packets to perform an effective DDoS attack, while a Layer 7 attack requires only a limited number of packets to perform a large DDoS attack.
The most common Layer-7 attack is HTTP flooding. Here, an HTTP request is sent to the affected server and uses considerable resources, and although the number of packets is limited, they fully utilize all server resources and lead to a denial of service.
Layer 7 protection is activated by us at your request, and we also deposit the certificate in the firewall software.
All important standard ports remain accessible during a DDOS attack and are filtered by the protection.