DDoS filter

A DDoS (Distributed Denial of Service) attack is an attack with multiple machines and connections trying to overload your website / server. TotallyHosted offers its own in-house DDoS filter. Using advanced hardware from Huawei, we filter data traffic within our network. This is possible only when your website or server is placed with us.

Compared to external scrubbers this methods this means more speed, the low latency is protected if you are attacked and your traffic will remain within our trusted network. Your data traffic remains safe in the Netherlands under Dutch law.

Customers wishing to use the DDoS filter, can set a separate dedicated filter per server for the hosted IP-addresses. In this way, other customers do not "suffer" from the settings / restrictions we apply for these IP-addresses. You can specify exactly which IP-addresses your server uses to filter DDoS attacks. The settings and setup of the filter is carried out by TotallyHosted. We use a standard rule set that is capable of filtering 96% of DDoS attacks. Any attacks that fall outside these filter settings can be manually configured if needed. There is no limit how many IP-addresses are included in the filter. The filtering of DDoS attacks is calculated per colocation / dedicated or virtual server.

Our filter can currently fend off attacks up to 800 Gbps. This quantity is constantly expanding. Approximately 96% of the attacks are automaticly rejected by the filter. For the remaining 4% manual settings can be made (cost: € 120.00 per hour)

Default DDoS attack defense functionality

• Protocol abuse attack defense
  Defense against IP spoofing, LAND, Fraggle, Smurf, Winnuke, Ping of Death, Tear Drop, IP Option, IP Fragment Control Packet, TCP Label Validity Check, Large ICMP Control Packet, ICMP Redirect Control Packet and ICMP Unreachable Control Packet attacks.
• Web attack defense
  Defense against HTTP Get Flood, HTTP Post Flood, HTTP Head Flood, HTTP slow header flood, HTTP Slow Post Flood, HTTPS Flood and SSL DoS/DDoS attacks.
• Scanning and sniffing attack defense
  Defense against Port Scanning, IP Scanning, Tracert Control Packet, IP Option, IP Timestamp and IP Routing Record attacks.

• DNS attack defense
  Defense against DNS Query Flood attacks from real or spoofed source IP addresses, DNS Reply Flood attacks, DNS Cache Poisoning attacks, DNS Protocol Vulnerability Exploits and DNS Reflection attacks.
• Network-layer attack defense
  Defense against SYN Flood, ACK Flood, SYN-ACK Flood, FIN/RST Flood, TCP Fragment Flood, UDP Flood, UDP Fragment Flood, NTP Flood, ICMP Flood, TCP Connection Flood, Sockstress, TCP Retransmission and TCP Null Connection attacks.
• SIP attack defense
  Defense against SIP methods Flood attacks.
• DHCP attack defense
  Defense against DHCP Flood attacks.

• Mobile attack defense
  Defensible DDoS attacks launched by mobile botnets, for example, AnDOSid/WebLOIC/Android.DDoS.1.origin.
• Zombie, Trojan horse, worm and tools traffic blocking:
  Blocking of controlling traffic of active zombies, Trojan horses, worms, and tools, such as LOIC, HOIC, Slowloris, Pyloris, HttpDosTool, Slowhttptest,Thc-ssl-dos, YoyoDDOS, IMDDOS, Puppet, Storm, fengyun, AladinDDoS, and so on C&C DNS request traffic blocking
• Feature-based filtering Blacklist
  HTTP/DNS/SIP/DHCP field-based filtering, and IP/TCP/UDP/ICMP/Other Protocol field-based and load feature-based filtering.