Protection Against DOS and DDOS attacks

Stingray Service Gateway has built-in protection against Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks – these are types of attacks on computer systems, when users cannot access the provided system resources or this access is difficult.

The attack is carried out from the attacker’s computer or entire network (botnet) of devices, and this can be any device having access to the Internet (router, TV, tablet, etc.). User may not know that attack is carried out from his or her device. In this case, protection of remote resources and applications should be performed by the carrier’s equipment.

  • Performance up to 20 million packets per second, depending on the configuration.
  • Protection against TCP SYN Flood and fragmented UDP Flood.
  • Protection against DDoS (LOIC etc) basing on The Turing Test (Human Detection).
  • Dynamic control of the bandwidth, common and up to a separate IP.
  • Prioritization by common bandwidth and separate IP protocols.

Specifics

The Turing Test (CAPTCHA pages) to protect against DDoS

This computer test determines who the user of the system is - a person or a computer.

If the threshold value is exceeded, for example, the number of requests per second comfortable for the site, the protection is activated and the user needs to enter information from CAPTCHA to confirm that he or she is not involved in the botnet network, and only then access to the site will be allowed.

After confirmation, the user is entered into the Allow List and is no longer checked.

TCP SYN Flood protection against DoS

SYN Flood attack causes an increased consumption of resources of the attacked system. Denial of service occurs when the flow of SYN-flood is 100 000 - 500 000 packets per second. At the same time, even a gigabit channel will allow an attacker to send to the attacked site a stream of up to 1.5 million packets per second.

Stingray SG detects independently an attack on exceeding a specified threshold of unconfirmed SYN requests and, instead of the protected site, responds to SYN requests and organizes a TCP session with the protected site after confirmation of the request by the client.

Fragmented UDP Flood protection against DoS

This type of attack is carried out by fragmented udp-packets, usually a short one, for the assembly and analysis of which the attacked platform is forced to spend a lot of resources.

Protection is carried out by discarding a set of protocols that is irrelevant for the protected site or rigid restriction of them over a passed band.

Where to begin?

Send a request
We contact you, specify the task, provide access to the documentation and answer your questions.
Choose the solution
We discuss the current situation: traffic volume, available equipment, the functionality you need.
Free trial
Our engeniers install the selected software and adapt it to your specific tasks. Сontract — only after the test is successful.
We use cookies to optimize site functionality and give you the best possible experience. To learn more about the cookies we use, please visit our Cookies Policy. By clicking ‘Okay’, you agree to our use of cookies. Learn more.