ANTI-DDoS
(Anti-Distributed Denial of Service)
The Network Box Anti-DDoS engine provides Distributed Denial of Service (DDoS) attack mitigation, so that ‘bad traffic’ is kept at bay while ‘good traffic’ is allowed through to secured web-facing servers, defending business continuity during ongoing attacks. Using real-time automated fingerprinting to identify and blacklist attacks, the engine takes milliseconds to respond to brute-force attacks coming from thousands of sources.
The engine keeps track of DDoS information on a per-source basis (which it periodically maintains and prunes), and imposes limits on reasonable behavior. Sources which exceed those limits are deemed to be DoS/DDoS attack sources and mitigated.
Anti-DDoS Overview
The diagram below illustrates the Anti-DDoS engine in action, whilst your network is under a DDoS attack.
The Anti-DDoS engine offers the following DoS/DDoS mitigation facilities:
● Total connections limiting
● Total connection rate limiting
● Per-source connections limiting
● Per-source connection rate limiting
● Per-source-per-method rate limiting
● SYN cookies for SYN flood protection
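A minimal sketch of the per-source tracking described above (per-source connection limit, per-source connection rate limit, temporary blacklisting and periodic pruning), added here as an illustration. It is not Network Box code; the class names, thresholds and timings are assumptions.

```python
from collections import deque
from dataclasses import dataclass, field

@dataclass
class SourceState:
    open_conns: int = 0
    recent: deque = field(default_factory=deque)  # attempt timestamps inside the window
    last_seen: float = 0.0
    blocked_until: float = 0.0

class PerSourceLimiter:
    """Per-source tracking with limits and pruning; all thresholds are assumed values."""
    def __init__(self, max_conns=20, max_rate=10, window=1.0,
                 block_secs=60.0, idle_secs=300.0):
        self.max_conns, self.max_rate, self.window = max_conns, max_rate, window
        self.block_secs, self.idle_secs = block_secs, idle_secs
        self.sources = {}  # source address -> SourceState

    def on_connect(self, src, now):
        """Return True to accept the attempt, False to mitigate (drop) it."""
        st = self.sources.setdefault(src, SourceState())
        st.last_seen = now
        if now < st.blocked_until:
            return False
        # Slide the rate window forward, then count this attempt.
        while st.recent and now - st.recent[0] >= self.window:
            st.recent.popleft()
        st.recent.append(now)
        if len(st.recent) > self.max_rate or st.open_conns >= self.max_conns:
            st.blocked_until = now + self.block_secs  # temporary blacklist
            return False
        st.open_conns += 1
        return True

    def on_close(self, src):
        st = self.sources.get(src)
        if st and st.open_conns > 0:
            st.open_conns -= 1

    def prune(self, now):
        """Forget idle, unblocked sources so the table stays bounded; returns count removed."""
        stale = [s for s, st in self.sources.items()
                 if st.open_conns == 0 and now >= st.blocked_until
                 and now - st.last_seen > self.idle_secs]
        for s in stale:
            del self.sources[s]
        return len(stale)
```

Timestamps are passed in explicitly so the behaviour is reproducible. Per-source state of this kind grows with the number of distinct sources seen, so pruning alone does not bound it against spoofed source addresses, which is the case SYN cookies address.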
Key Features
● Real-time automated fingerprinting to identify and blacklist attacks.
● Slows down attacks by a factor of 1,000.
● Millisecond response to brute force attacks.