Certified Seal Security Seals

SEC-LAYER ANTI-DDOS

SEC-LAYER is a brand new service offered by Vilayer to provide DDOS protection on all of our services in supported Datacenters. The general fact in todays hosting industry is that no one is safe from DDOS attacks and this is something of which we want to stop...

It's not a simple case of if you're ever going to get a DDOS attack it's now a simple fact of when will you get a DDOS attack. The issue is these attacks come in a massive range of size and type so the big question is....



What is SEC-LAYER ANTI-DDOS protection?


Your services and servers without DDOS protection


This is a server without any form of protection, this image displays a server which is online and is currently getting malicious traffic sent.

A DDOS attack aims to render a server, service or an infrastructure unavailable by overloading the server(s) bandwidth or monopolising its resources until the point of depletion. During a DDoS attack, a multitude of requests are sent simultaneously from either a single host or multiple points across the internet. The intensity of this "barrage" renders the service unstable, or even worse, completely unavailable.


What SEC-LAYER offers to protect your services


SEC-LAYER offers a mitigation solution based on the VAC technology, which involves an exclusive combination of techniques to:
  • Analyse - all packets coming in at high speed and malicious types in real time.
  • Suck up - all traffic that is malicious and ensuring that your servers connection is not affected.
  • Mitigate - i.e. singling out all the illegitimate IP packets, while allowing legitimate ones to pass through


Targets and types of attacks


There are three ways of making your site, server or infrastructure unavailable:
  • Bandwidth - this type of attack consists of saturating the server's network capacity, which renders it unreachable.
  • Resources - this type of attack consists of depleting the machine's system resources, which prevents it from responding to legitimate requests.
  • Exploitation of software fault - also called "exploit", this type of attack targets a particular software fault either to make the machine unavailable or to take control of it.

SEC-LAYER Active World Datacenter Map

Ledger

= FULL SEC-LAYER PROTECTION
Fully protected against all of the following based DDOS attacks.
= SEMI SEC-LAYER PROTECTION
Fully protected against against all DDOS attacks but not fully protected against UDP based DDOS attacks
= NOT SEC-LAYER PROTECTION
Is protected against all major attacks but no guarantee against TCP and UDP based attacks.



Name of attack OSI level Type of attack Explanation of attack principle
ICMP Echo Request Flood
L3
Resource
Also called Ping Flood, mass sending of packets implicating the response of the victim, which has the same content as the original packet.
IP Packet Fragment Attack
L3
Resource
Sending of IP packets that voluntarily reference other packets that will never be sent, which saturates the victims memory.
SMURF
L3
Bandwidth
ICMP broadcast attack usurping the source address to redirect multiple responses to the victim
IGMP Flood
L3
Resource
Mass sending of IGMP packets (multi-cast management protocol)
Ping of Death
L3
Exploit
Sending of ICMP packets which exploit an implementation bug in certain operating systems
TCP SYN Flood
L4
Resource
Mass sending of TCP connections requests
TCP Spoofed SYN Flood
L4
Resource
Mass sending of TCP connections requests to usurp the source address
TCP SYN ACK Reflection Flood
L4
Bandwidth
Mass sending of TCP connections requests to a large number of machines, usurping the victim's source address. The bandwidth of the victim will be saturated by the responses to these requests.
TCP ACK Flood
L4
Resource
Mass sending of TCP segment delivery receipts
TCP Fragmented Attack
L4
Resource
Sending of TCP segments that voluntarily reference other segments that will never be sent, which saturates the victim's memory
UDP Flood
L4
Bandwidth
Mass sending of UDP packets (not requiring a previously-established connection)
UDP Fragment Flood
L4
Resource
Sending of UDP datagrams that voluntarily reference other datagrams that will never be sent, which saturates the victim's memory
Distributed DNS Amplification Attack
L7
Bandwidth
Mass sending of DNS requests usurping the source address of the victim, to a large number of legitimate servers. As the response is more voluminous than the question, an amplification of the attack follows
DNS Flood
L7
Resource
Attack of a DNS server by mass sending of requests
HTTP(S) GET/POST Flood
L7
Resource
Attack of a web server by mass sending of requests
DDoS DNS
L7
Resource
Attack of a DNS server by mass sending of requests from a large set of machines which are under the attacker's control