Our DDoS protection

DDoS attacks damage your applications. Not with us!

Our DDoS protection

Nowadays, DDoS attacks in the gigabit range are no longer unusual. We effectively protect your server from attacks of any kind with the DDoS protection of combahton GmbH - harmful traffic is automatically detected and filtered, while legitimate traffic is allowed.

Either the sensor or permanent mode can be activated via our web interface. With these and many other functions, we offer you maximum flexibility and allow you to easily adapt the DDoS protection to your project!

Adjustments

With many years of expertise, we can carry out our own optimisations to the DDoS protection for your server on request via our customer service. This ensures that your server is protected in the best possible way!

improvement

There are new attack patterns every day that our protection has to cope with. We log every incoming attack. Which is why we are able to keep optimizing our protection solution.

real-time detection

Through a sophisticated multi-level live traffic analysis concept and inline detection, we are able to detect attacks in the shortest possible time to take automatic countermeasures.

DDoS-Filter

Unsere Filter sind die Lösung gegen komplexe Angriffe, die auf Anwendungen, Game- und Voiceserver (z.B. Teamspeak) zielen. Die DDoS-Filter wurde für mehrere Portranges implementiert und hilft, Gameserver und Anwendungen auch bei sehr komplexen Angriffen online zu halten.

Filtering is possible for:

IPv4
UDP Floods
TCP Floods
ICMP Floods
Resource exhaustion attacks
Amplification Floods
Zero Day Attack Prevention (dentifizierung von Angriffen, die von den typischen Gegenmaßnahmen nicht gefiltert werden können, oder wenn das System feststellt, dass diese Art der Abschwächung in Bezug auf die Nutzung von Hardware- und CPU-Ressourcen günstiger ist)

Filtering is not 100% possible for:

Layer 7 http(s) Attacks/Floods
Spiel-/Protokollbasierter echter Anwendungsverkehr (z. B. Minecraft-Bots, PCAP-Wiederholungen sind in diesem Beispiel nicht enthalten. Das System bietet Schutz vor PCAP-Wiederholungen).

The following port ranges have been implemented specifically for the operation of the following applications:

UDP:

30000-32000: FiveM
34100-34200: Facorio
9000-9999: TeamSpeak3
27000-28000: VALVE Source Engine
19100-19200: Minecraft Bedrock Edition
8200-8300: Palworld
7100-7200: SCP: Secret Laboratory
1194: OpenVPN
51820: Wireguard

TCP:

30000-32000: FiveM
25565-26000: Minecraft Java Edition
22: SSH

Known technical effects

While the DDoS filter is active, you may notice the following effects, among others:

Requests to Dockerhub can be limited/blocked. (Can be enabled via support)
ICMP traffic can be limited, discarded or answered - icmp packet loss or higher latency may occur (does not affect other protocols). latency may occur (has no effect on other protocols).
TCP traffic forces authentication, which can lead to the connection being reset on the first connection attempt. connection is reset on the first connection attempt.
UDP traffic can be limited under certain circumstances or force a reconnection.
DNS traffic: DNS is limited to the usual resolvers: 1.1.1.1, 1.0.0.0.1, 8.8.8.8, 8.8.4.4, 9.9.9.9
IPv4 GRE traffic is blocked (can be enabled via support)
Any other traffic that is not IP Proto 1, 4, 6 or 17 (can be enabled via Support)

Client Handling After Attack Detection

Clients that try to establish a TCP session after a TCP attack has been detected need to retransmit their first connection. This is called 'TCP Authentication'. Clients that were connected before the attack started are not impacted. UDP connections are also validated and authenticated if there is an ongoing UDP attack, but this does not impact clients in 99% of the cases. However, clients may be forced to retransmit their first UDP connections too. This only impacts clients who establish a connection after an attack started.

SLA (Service Level Agreement)

Dashserv does not provide any SLA regarding the DDoS mitigation services. DDoS Protection is only offered on a best-effort basis. We'll do everything possible to protect ouer customer from any type of DDoS attack, but we won’t specify any numbers regarding DDoS mitigation capacity. Customers needing 24/7 DDoS mitigation support should switch to another pricing plan. Please raise a ticket to get a quote. Customers may encounter issues with active mitigation countermeasures, causing certain applications to not work properly.