No Bullshit - Just Bulletproof.

We're sick of marketing teams generating statements which mis-lead and confuse customers.


The Sales-Pitch / what you want to hear

Mitigation on the network edge

Most large attacks are identified at the network edge before it even gets near your server, with a combination of solutions including but not limited to; Tilera TILEmpowerGX 36's - and are filtered at the network edge using Arbor Peakflow TMS systems.
With a total mitigation capacity sitting at about 3000Gbps, balanced between three locations; Strasburg(France), Roubaix(France) and Beauharnois(USA/Canada).

What is 3000Gbps?

3000Gbps(3Tbps) is a capacity which can be utilised to block some DDoS attacks, and while that sounds great to throw around - the truth is a lot of DDoS attacks wont be mitigated this way. They're too advanced and new. At the same time, they're generally a lot smaller too.

So how much can you handle?

You will often hear companies make claims like "500-600Gbps Protection" - but the truth is that they can only block certain DDoS attacks with this capacity. This means if the DDoS attack that is being launched at your server is new, or they don't know about it, you will still get affected by the DDoS attack. Certain providers are getting good at blocking a large amount of these DDoS attacks, however the truth is they will never be able to keep up with the amount of new attacks and exploits being created every day. Every application has its own types of vulnerability, and new DDoS/DoS attacks are coming out for applications all the time. Trying to block all these attacks on every possible application is simply such a large task there will always be certain methods which work.

How we're different

Our protection has taken the typical way of blocking DDoS attacks - looking for attack traffic and blocking it - and completely inverted it. We only allow traffic we know is legitimate traffic for your application.
We use this technique and we place it behind the typical mitigation methods, to double down on protection, and provide a level of security which is almost un-matched by other providers. We also only focus on what we're good at; game servers. We don't try to take on an impossible task in order to get more customers, because we want to focus on quality first.

The Details / the breakdown

Upstream mitigation:

Pre-Firewall

  1. Check UDP fragmentation
  2. Check packet size
  3. Authorisation of TCP, UDP, ICMP, GRE protocols
  4. Blocking all other protocols

Firewall

  1. Authorise/block an IP or a sub-network of IP's
  2. Authorise/block protocols:
    1. IP (all protocols)
    2. TCP
    3. UDP
    4. ICMP
    5. GRE
  3. Authorise/block TCP/UDP port interval
  4. Authorise/block SYN/TCPs packets
  5. Authorise/block all packets except SYN/TCPs

Tilera

  1. Malformed IP header check
  2. Incorrect IP checksum check
  3. Incorrect UDP checksum check
  4. ICMP limitation
  5. Malformed UDP datagram check
  6. DNS amplification vector check

Arbor

  1. Malformed IP header check
  2. Incomplete fragment check
  3. Incorrect IP checksum check
  4. Duplicated fragment check
  5. Check if fragment is too long
  6. Check if IP/TCP/UDP/ICMP packet too long
  7. Incorrect TCP/UDP checksum check
  8. Invalid TCP flags check
  9. Invalid sequence number check
  10. Zombie detection
  11. TCP SYN authentication
  12. DNS authentication
  13. Badly formed DNS request
  14. DNS limitation

Then our custom DDoS mitigation is applied. Zero-Day patches included.

Blocking attacks like
  1. Valve Source Engine Attacks and Exploits
  2. VSE/A2S Attacks including:
    1. A2S GetInfo
    2. A2S GetChallenge
    3. A2S GetRules
    4. VSE Flood Attacks
    5. Source Engine Amplification
    6. Source connection/disconnection floods
  3. COD Amplification
  4. Quake Amplification
  5. All other known TCP attacks
  6. All other known UDP attacks
Information

Our custom DDoS protection is applied at the last layer. This is provided by one of our partners; GMCHosting LLC. The purpose of this step is to clean up any in depth attacks that the other layers would have missed. This allows us to provide bullet proof protection. We can't give too much detail on how the system works as we don't want people knowing how to work around it, however we can confirm it will block almost every Layer 7 exploit you can get your hands on, including in depth source engine exploits. If it fails then rest assured that we will work to patch it as soon as possible.
We get excited when someone finds a way around our filters, and we don't sleep until the issue is resolved.