Here you can search and view our site Knowledge Base. To find a specific article, use KB-article number format (ex. KB-1)
Article number: kb-20
Q. Did you have DDOS Protection ?
A. Our network is proactively filtered in 3 different stages (upstreams, core-routers, distribution routers) and dynamically filtered in 2 stages (distribution routers, firewalls). Our NIDS (Network Intrusion Detection System) device captures inbound traffic, detects and logs malicious traffic, analyzes it and finally provides the most appropriate filtering rules (layers 3-7) to our network firewalls filtering the attack(s) with the less possible loss of legit traffic. NIDS' logging function includes reporting (after completing anti-spoof checks) source IPs involved to ISPs' abuse departments and anti-intrusion organizations which are connected with law authorities.
Our firewalls are capable to provide up to layer7 filtering and they're connected between our core-router (which is directly connected to datacenter's core-router) and our main router (which our switches are connected to) receiving filtering rules from NIDS and/or rarely from our staff members. Firewalls have been designed to function both independently and all together. By default they all function together, but if for any reason NIDS becomes unavailable, firewalls will start functioning independently even if that means slower performance temporarily in order to avoid the network being unfiltered until NIDS becomes available again. Additionally, if one of the firewalls gets unavailable, it instantly gets excluded from the load balancing system preventing network getting affected. That way network has a complete fail-over no matter if any of the firewalls or NIDS becomes unavailable.
Our NIDS analyzes and identifies attacks per packet's protocol, packet type and several other characteristics giving the opportunity to firewalls to filter an attack with at least 15 methods (planning to increase to 20+ methods in the near future). In rare cases when an attack cannot get filtered differently, an IP null-route is applied. If the attack exceeds a specific number of Gbps (Gigabits per second) or Mpps (Million packets per second), additional ACLs may get applied in our router(s).
This firewalling mechanism described above has been completely designed and engineered by Sharktech staff using fundamental understanding of filtering, intensive knowledge and experience in preventing DDoS attacks. Our firewalls and NIDS are using open-source operating system with engineered firewalling and detection software.
Article number: kb-20