Protection contre les attaques DOS et DDOS

Stingray Service Gateway possède une protection intégrée contre les attaques par Déni de Service (DoS) et les attaques par déni de service distribué (DDoS). Ceux sont des types d'attaques contre les systèmes informatiques lorsque les utilisateurs ne peuvent pas accéder aux ressources système fournies ou que cet accès est difficile.

(English) The attack is carried out from the attacker’s computer or entire network (botnet) of devices, and this can be any device having access to the Internet (router, TV, tablet, etc.). The user may not know that attack is carried out from his or her device. In this case, protection of remote resources and applications should be performed by the carrier’s equipment.

  • Performance up to 20 million packets per second, depending on the configuration.
  • Protection against TCP SYN Flood and fragmented UDP Flood.
  • Protection against DDoS (LOIC etc) basing on The Turing Test (Human Detection).
  • Dynamic control of the bandwidth, common and up to a separate IP.
  • Prioritization by common bandwidth and separate IP protocols.

Specifics

The Turing Test (CAPTCHA pages) to protect against DDoS

This computer test determines who the user of the system is - a person or a computer.

If the threshold value is exceeded, for example, the number of requests per second comfortable for the site, the protection is activated and the user needs to enter information from CAPTCHA to confirm that he or she is not involved in the botnet network, and only then access to the site will be allowed.

After confirmation, the user is entered into the Allow List and is no longer checked.

TCP SYN Flood protection against DoS

(English) SYN Flood attack causes increased consumption of resources of the attacked system. Denial of service occurs when the flow of SYN-flood is 100 000 - 500 000 packets per second. At the same time, even a gigabit channel will allow an attacker to send to the attacked site a stream of up to 1.5 million packets per second.

Stingray SG detects independently an attack on exceeding a specified threshold of unconfirmed SYN requests and, instead of the protected site, responds to SYN requests and organizes a TCP session with the protected site after confirmation of the request by the client.

Fragmented UDP Flood protection against DoS

(English) This type of attack is carried out by fragmented UDP-packets, usually a short one, for the assembly and analysis of which the attacked platform is forced to spend a lot of resources.

Protection is carried out by discarding a set of protocols that is irrelevant for the protected site or rigid restriction of them over a passed band.

(English)

Where to begin?

Send a request
We will contact you, specify the task, provide access to the documentation and answer your questions.
Choose the solution
We discuss the current situation: traffic volume, available equipment, the functionality you need.
Free trial
Our engeniers install the selected software and adapt it to your specific tasks. Сontract — only after the test is successful.
Nous utilisons des cookies pour optimiser les fonctionnalités du site et vous offrir la meilleure expérience possible. Pour en savoir plus sur les cookies que nous utilisons, veuillez consulter notre Politique de cookies. En cliquant sur « Okay », vous acceptez notre utilisation des cookies. Learn more.