Anti-DDoS Service for our servers

By default, all Tu Cloud Servers servers are equipped with automatic DDoS attack mitigation in the event of an attack (reactive mitigation). 


In a DDoS (distributed denial-of-service) attack, an attacker will send thousands of fake requests in an attempt to exceed the bandwidth, flood a server's resources, and overload the system. By doing this, valid requests can only be processed very slowly or not at all. A massive amount of compromised computers (botnets) are often used to create a gigantic amount of data traffic.

A successful DDoS attack can cause significant downtime for web applications, websites, servers and IT infrastructure. A DDoS attack will not only seriously impact the victim. While a server is being attacked, it can also affect other servers, making them just as inaccessible during the attack and causing further collateral damage.

The security solution: DDoS protection

After completing a thorough examination of our systems' ability to resist DDoS attacks, Tu Cloud Server has implemented DDoS protection mitigation tools, which mainly consist of Arbor and Juniper hardware, into our network. Our three-layer system enables us to clearly distinguish between valid traffic and malicious attacks.

1. Automated recognition of attack patterns

In addition to recognizing an attack based on the amount of traffic or the number of packets, we at Tu Cloud Server will be able to clearly define the actual attack and then to specifically home in on and react to that particular type of attack. For example, a UDP flood with 500k pps is harmless for a server. A 500k SYN packet, however, could pose a problem. Our DDoS protection tools can detect precisely this type of difference.

2. Filtering traffic for known attack patterns

This method allows us to effectively filter out the most commonly known attacks by putting them through traffic scrubbing filters. The method is especially successful at scrubbing out the following types of attacks: DNS reflection, NTP reflection, and UDP floods on port 80.

3. Challenge-response authentication and dynamic traffic filtering

In this final layer, we filter out attacks in the form of SYN floods, DNS floods, and invalid packets. We are also able to flexibly adapt to other unique attacks and to reliably mitigate them.

The above technologies support a high level of automation, which in turn will continue to be optimized step by step. We can improve the system by analyzing each attack and constantly adjusting our filters and responses.

How it affects customers

DDoS protection will not cause costs or prices to increase and will be available to all customers. Our system will detect DDoS attacks at all times, and its ability to recognize them will continually improve. Once an attack is recognized, the dynamic DDoS protection tools will immediately go into action and will filter out the attack. Your traffic will usually not be affected by the DDoS protection system due to its dynamic method of mitigating attacks.

Was this answer helpful?

 Print this Article

Also Read

Instructions for install the new subnet or the new IP address

All dedicated and virtual servers come with an IPv4 address, as well as a /64 IPv6 subnet....

Add and Delete Users on Linux

Setup This tutorial requires access to the root user or a user with sudo privileges. You should...

How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu 14.04

Introduction A "LAMP" stack is a group of open source software that is typically installed...

How To Install and Configure GitLab on Ubuntu 16.04

Introduction GitLab CE, or Community Edition, is an open source application primarily used...

Add and Delete Users on Linux

Setup This tutorial requires access to the root user or a user with sudo privileges. You should...