UDP TCP GRE high filtering
FlokiNET is proud to be completly
-friendly ∴ Feel free to host a TOR-node with us!
FlokiNET DDoS mitigation cloud has 950 Gbps filtering capacity !
Client subnets are anounced anycast in all our locations and DDoS attacks are mitigated in the scrubbing center, closest to the attack source.
FlokiNET DDoS mitigation solutions can be deployed in the following ways ways:
1) Secure uplink - Direct link (cross-connect) if your server is present in the one of our locations:
• Equinix FR5 or Interxion 8 in Frankfurt
• FlokiNET IRD, NXData I or NXData II in Bucharest
Secure uplink is basically a direct peer between a client and us (as an intermediary step for the incoming traffic which is being filtered and then re-sent to the client).
Since this only manipulates incoming traffic via BGP the service itself utilizes the client's own IP ranges. The same link can be used for free to send traffic for around 36h / month (5% of the time). Everything above this limit is charged based on 95/5 rule.
The Secure Uplink service will be redirecting all your traffic from an affected subnet towards FlokiNET, a sensor detects instantly when an attack occurs and redirects traffic in seconds from the affected IP to the mitigation cloud. Redirection stops within minutes after the attack ends.
This can be solved easily via (cross-connect) + BGP between us and you in order to force the traffic from a given subnet to flow towards us:
- Normal Path: Your upstream provider >> Your server >> your client
- Secure Uplink Path: Your upstream provider >> Your server >> Our filter >> Flokinet's DDoS traffic cleaning >> Your Service >> Your client.
The most intelligent but complex solution is to redirect traffic only when needed, so a device or staff watching over the traffic with the power and knowledge to detect and redirect via BGP the traffic towards Flokinet.
The added latency provided by our anti-DDoS filter would be minimal. As a result, a reason to use FlokiNET as an outgoing relay would also be to diversify the list of upstream providers / ISPs through which you access the Internet.
Price for 1Gbps (filtered clean traffic, after DDoS mitigation) is 1700 EUR/month (+ 1400 Eur/setup fee)
The capacity can be upgraded based on the client needs.
2) Anti-DDoS Tunnel - Standard tunnel end-points to a nearby FlokiNET Security Cloud to connect your anti-DDoS equipment.
Anti-DDoS tunnel works under the same premises only that there is no need for a direct link between you and us. It is a GRE or L2TP tunnel through internet using a BGP session.
Through an encapsulated BGP session you will advertise end-user attacked subnet whenever downstream or equipment capacity is overwhelmed by an attack. Security Cloud will “hijack” the affected subnet's incoming traffic, mitigate it for DDoS and send it to you through the tunnel. Traffic exiting your network is never rerouted.
If you are not present in the locations I mentioned above than this would be the solution applied in your case.
Price for 1Gbps tunnel (filtered clean traffic, after DDoS mitigation) is 2380 EUR/month (+ 2800 Eur/setup fee)
The capacity can be upgraded based on the client's needs.
3) Anti-DDoS for hosted infrastructure - meaning that you would host your hardware in our locations or rent hardware from us.
Anti-DDoS for hosted infrastructure - meaning that you would host your hardware in our locations or rent hardware from us. With this option you can protect Ips and services located in our infrastructure.
• Number of attacks doesn't count
• The protection works for any known type of DDoS attack, on any layer
• Size of the attack doesn't count
• Number of protected IPs/equipment is unlimited. You can choose to protect your entire AS through this service.
• You are allowed to re-sell the service.
• Specific request regarding costumized layers and protection ways are available.
Examples of filtered DDoS attacks:
• IP non-existing protocol attack such as Flood with IP packets with reserved values in protocol field;
• Attack with fragments such as sending mangled IP fragments with overlapping, over-sized payloads to the target machine;
• ICMP attacks such as: ICMP Flood, Smack, Smurf attack (OBSOLETE);
• IGMP attacks such as: IGMP flood;
• TCP attacks such as: SYN Flood, SYN-ACK Flood, ACK Flood, FIN Flood, RST Flood, TCP ECE Flood, TCP NULL Flood, TCP Erroneous Flags Flood, TCP Xmas, Fake Session, SRC IP Same as DST IP;
• UDP attacks such as: General Random UDP Floods, Fraggle, DNS query, DNS Amplification (+DNSSEC), NTP Amplification, SNMPv2, NetBIOS, SDP, CharGEN, QOTD, BitTorrent, Kad, Quake Network Protocol, Steam Protocol;
• HTTP attacks such as: Slowloris (Apache / IIS Attack), R-U-Dead-Yet (RUDY), HTTP Object Request Flood;
• Other category attacks such as: Misused Application Attack, Slow Read attack.