Our DDoS protection

DDoS attacks damage your applications. Not with us!

We protect our network very effectively against DDoS attacks by using detection software and pre-filters. The protection automatically detects and filters the malicious traffic and protects your server against DDoS attacks up to 800 GBit/s.

If you want to protect a website (HTTP or HTTPS) against DDOS attacks, we recommend to use additionally for the use of Layer 7 Protection for higher efficiency. A DDoS attack can be stopped by means of Layer 7 Protection, a DDoS attack can be detected and filtered much faster. In order to use the Layer 7 Protection protection, we have to deposit your SSL certificate. To do this, open a ticket in our web interface. During an attack, the server remains accessible and you can use your services normally. services normally. Non-relevant ports will be blocked as long as the attack lasts.

There are different types of DDoS (Distributed Denial of Service) attacks. Basically a DDoS is DDoS is understood to be a "denial of service", which is intentionally caused by a large number of of requests and thus leads to an overload of the data network or the server.

The Layer 7 DDoS protection

DDoS attacks can target different layers. Compared to the past, current DDoS DDoS attacks often target the top layer: Layer 7 is the application layer and is used to provide functions for the applications and is responsible for data input and output. It provides functions for the applications and is responsible for data input and output.

Layer 7 attacks specifically target the protocols belonging to Layer 7 such as Telnet, FTP, NNTP, HTTP or SMTP. Compared to other DDoS attacks, Layer 7 attacks require far less bandwidth and packets to cause a disruption of services. A low-level protocol attack such as. SYN flood requires a huge number of packets to carry out an effective DDoS attack, whereas a Layer 7 attack requires only a limited number of packets to implement a major DDoS attack.

The most widespread of the Layer 7 attacks is HTTP flooding. In this case, an HTTP request is sent to the affected server and uses considerable resources, and although the number of number of packets is limited, they fully utilise all server resources and lead to a denial of service. denial of service.

Our Layer4 DDoS Protection

Layer4 attacks (infrastructure layer) are usually UDP or SYN floods, which send enormous amounts of data to the IP address. send huge amounts of data to the IP address in order to crash the underlying server. Our DDoS protection protects your servers from layer 4 attacks using live or dynamic filtering. attacks:

Gamefilter

Our game filters are the solution against complex UDP floods that target game and voice servers (e.g. Teamspeak). Teamspeak). The idea behind the gamefilter is to offload as much traffic as possible to the DDoS filter (basically the Edge) to always respond to certain amounts of traffic. The gamefilter was implemented for several portranges and helps to keep game servers online even in case of very complex attacks online.

The following port ranges have been implemented specifically for the operation of the following game servers:

2300-2400: DayZ und Arma 3, Arma 3 Query
5761-5794: Atlas
9000-9999: Teamspeak3
12800-13100: Hurtworld
19132: Minecraft Pocket Edition
22000-22020: Rage-MP / MTA
22126: Rage-MP / MTA
23000-23200: Battlefield
27000-28000: Alle Source Engine / Query Games wie z.B. Counter Strike 1.6, Counter Strike Source, Counter Strike GO, The Ship, Garrys Mod, Nuclear Dawn, Call of Duty Modern Warfare 3, Starbound, Space Engineers, 7 Days to Die, Rust, Quake Live, ARK: Survival Evolved, Valheim, Mordhau
30000-32000: FiveM GTA-MP
36123-36128: Stormworks

In our web interface, even stricter filter profiles can also be activated for specific games.

Known technical effects

While DDoS filters are active, you may notice the following effects, among others:

Requests to Dockerhub can be limited/blocked. This can be enabled through a ticket.
ICMP traffic may be limited, dropped or answered - icmp packet loss or higher latency may occur. latency may occur (does not affect other protocols).
TCP traffic forces authentication, which can result in the connection being reset at the reset the first time the connection is attempted.
UDP traffic may be limited or force reconnection.

Our DDoS protection

Nowadays, DDoS attacks in the gigabit range are no longer unusual. We effectively protect your server from attacks of any kind with the DDoS protection of combahton GmbH - harmful traffic is automatically detected and filtered, while legitimate traffic is allowed.

Either the sensor or permanent mode can be activated via our web interface. With these and many other functions, we offer you maximum flexibility and allow you to easily adapt the DDoS protection to your project!

Problems with DDoS attacks?

Take it in hand!

We offer you many possibilities to take action against DDoS via our extensive web interface. With our free DDoS profiles you can optimise the protection for prefabricated games or programmes with just a few mouse clicks. Our experts have created these profiles so that the application is specifically protected.

In addition, you can independently view DDoS attacks and also make changes to the sensor mode. If you are a big target for DDoS attacks, we will be happy to create individual protection profiles adapted to your server via customer service. Feel free to contact us!

Adjustments

With many years of expertise, we can carry out our own optimisations to the DDoS protection for your server on request via our customer service. This ensures that your server is protected in the best possible way!

DDoS profiles

In our web interface, you can activate DDoS profiles yourself, which protect your server better depending on the application. We currently offer predefined profiles for some games and programmes.

Scalable

Our network is connected to various internet providers with over 800 GBit/s, so that even very large DDoS attacks at distributed locations can be filtered - legitimate traffic is not restricted.