ASTIMP DDOS PROTECTION
DDoS Protection that works, protecting of critical data and applications, without affecting performance and productivity.
DDoS Detection & Mitigation – L2 to L7 up to 500 Gbps
Defends against known, unknown and evolving DoS, DDoS and other volumetric attacks.
Defends against attacks via TCP, UDP, IP protocols, Invalid IP packets, ICMP types, Time To Live field, packets lengths, and more
Receive up to the minute notifications of attacks, mitigation and resolution of DOS and DDOS attacks.
With over 500Gbps of Global Routing capacity we can handle the largest of attacks.
Our highly trained team of security specialists monitor the network ensuring it is running at its peak performance.
Our support team is here 24 hours a day, 7 days a week, 365 days a year monitoring your services and ensuring it stays online.
What does this service do?
This addon provides you with an affordable source of Denial Of Service protection.
If you don’t know what this is, nor have you been sent an email regarding a nullroute being applied against your IP, it’s unlikely you need this.
How much filtering is provided?
We provide over 600+ million SYN Cookie packets-per-second and 200+ million TCP SYN Auth packets-per-second of filtering or up to 500 Gbps for volumetric floods.
Astimp Anti-DDOS is designed to detect attacks that can be perpetrated through invalidly formed packets or using packets containing invalid option settings.
• Layer 2/3 – Traffic is compared against a set of limits and rates, including connection and connection-rate limits. DDoS Mitigation uses a default set of limits. Custom limits can be configured and applied, by configuring and applying custom
GLIDs to DDoS Mitigation rules
• Layer 4 – Traffic is scrubbed and handled based on Layer 4 type (TCP, UDP, ICMP,or other). Custom Layer 4 settings in DDoS templates can be configured, and applied to the applicable Layer 4 types within rules. For TCP or UDP, there can be applied DDoS templates for individual protocol ports within rules.
• Layer 7 – Traffic is scrubbed and handled based on Layer 7 application type, such as HTTP or DNS. Custom Layer 7 settings in DDoS templates can be configured, and applied to the applicable Layer 7 application types within rules. There can also
be applied DDoS templates for individual application ports.
How much does it cost ?
All service in our infrastructure (web hosting, cloud-vps, dedicated servers, games, teamspeak) include free DDoS protection.
For DDOS protection outside from our infrastructure we have two services typ :
1. Devices built in your infrastructure ( out of path ):
– 40 Gbps Sensor / Scrubber – need 2U – 1800 €/month
– 80 Gbps Sensor / Scrubber – need 3U – 3400 €/month
– 120 Gbps Sensor / Scrubber – need 4U – 4800 €/month
*Setup one time 500€
2.Anti-DDoS Tunnel or Secure Uplink:
– up to 500 Gbps with up to 6 Gbps Tunnel – 800 €/month
– up to 500 Gbps with 1 Gbps Uplink – 800 €/month
– up to 500 Gbps with 10 Gbps Uplink – 1200 €/month
*Setup one time 500€
*Need ASN and BGP sesion over routers with GRE or L2TP support for tunnel.
*Clean traffic’ sent to you is cumulated with traffic received from your network and is charged at the end of the month with 95/5 rule rounded up in 100 Mbps increments. First Gbps is free of charge. Each additional 100 Mbps is charged with: 45/100 Mbps €
All of these solutions and services are fully managed and continuously armed with the global threat intelligence offered by Astimp Anti-DDOS .
Anti-DDoS Tunnel for Networks
The Anti-DDoS Tunnel is the quickest way for an entire Network and its downstream customers to be protected against volumetric or application specific DDoS attacks.
It is a completely automated solution that filters the traffic only when an attack is detected.
It is compatible with all edge routers supporting GRE or L2TP and gives the Network total control of which subnets are advertised through this tunnel via BGP advertisements.
Secure Uplink with Free Download IP transit
The Secure Uplink is the most efficient and simple way for an Internet Service Provider (ISP) to protect its network and its downstream customers against volumetric or application specific DDoS attacks of up to 500 Gbps.
By just adding a new upstream provider in its current list of peers, the ISP obtains immediately a completely automated solution that filters DDoS attacks for all subnets advertised through BGP to this line.
Devices built in your infrastructure ( out of path )
An intelligently automated, seamlessly integrated on-premise Astimp Anti-DDOS solution for attack protection.
- On the premise, the Astimp Anti-DDOS solution is an in-line or out off path, always on solution that can automatically detect and stop all types of DDoS attacks – especially low and slow application layer attacks. In the event of attack, the attack traffic /32 IP will automatically be routed to Anti-DDOS scrubbing
with cloud scrubing over on the premise instaled capacity
- Via intelligent Cloud Signaling, the Astimp Anti-DDOS continuously (even when not under attack) sends customized, local attack policy information to the Astimp Anti-DDOS Cloud. In the event of a large attack, the attack traffic /24 IP will automatically be routed to Astimp Anti-DDOS Cloud scrubbing center. In which case, preconfigured attack countermeasures, including previously local attack policies, will automatically stop the DDoS attack.
- In the cloud, Astimp Anti-DDOS Cloud offering over 500Gbps of mitigation capacity.
- During and post attack, a comprehensive set of reports are automatically generated detailing all attack activity.
Astimp Anti-DDOS sensor
Multi-level DDoS Protection Technology Sensor can announce upstream provider(s) through BGP to stop routing traffic towards the attacked destinations.
Sensor can announce the upstream Internet Service Provider (ISP) or a Managed Security Service Provider (MMSP) that offers anti-DDoS services to scrub malicious packets in cloud.
Flow Sensor and Packet Sensor provide in-depth traffic analysis, traffic accounting, bandwidth monitoring, traffic anomaly and DDoS detection.
Sensor can automatically send notification emails to the ISPs originating non-spoofed attacks.
Sensor can apply filtering rules and ACLs on third-party DDoS mitigation appliances, firewalls and routers.
- DDoS Detection & Mitigation – An innovative traffic anomaly detection engine detects DDoS attacks. The malicious traffic is blocked in a granular manner
- Detailed Forensics – View packets and flow records for each attack. Detailed attack reports can be emailed to interested parties
- Full Network Visibility – Supports all major traffic monitoring technologies: packet sniffing at 100+ Gbps, Cisco NetFlow, sFlow, IPFIX, NetStream, cflowd and SNMP
- Complex Analytics – Generates complex reports with aggregated data for hosts, IP groups, interfaces, applications, protocols, countries, ASNs and many more
- Flow Analyzer and Collector – Provides a fully-featured NetFlow, sFlow, and IPFIX collector. Flows can be stored, searched, filtered, sorted and exported