Gunzenhausen, Germany – 23. September 2016
DDoS (distributed denial-of-service) attacks have unfortunately become part of everyday life in the IT sector. In a DDoS attack, thousands of fake requests are sent to servers in order to purposely flood their resources and overload the system. Large numbers of compromised computers are used to form a botnet. This botnet then creates a gigantic amount of data traffic, which results in very high loadtimes, or in the worst case scenario, a complete breakdown of the server.
Hetzner Online uses its automated security tools to protect web applications, websites, servers, and IT infrastructure from this threat. The system, which mainly consists of Arbor and Juniper hardware, enables Hetzner Online to clearly distinguish between valid traffic and malicious attacks using three different layers of protection:
1. Automated recognition of attack patterns
In addition to recognizing an attack based on the amount of traffic or the number of packets, Hetzner Online will be able to clearly define the actual attack and then to specifically home in on and react to that particular type of attack. For example, a UDP flood with 500k pps is harmless for a server. A 500k SYN packet, however, could pose a problem. The DDoS protection tools can detect precisely this type of difference.
2. Filtering traffic for known attack patterns
This method allows Hetzner Online to effectively filter out the most commonly known attacks by putting them through traffic scrubbing filters. The method is especially successful at scrubbing out the following types of attacks: DNS reflection, NTP reflection, and UDP floods on port 80.
3. Challenge-response authentication and dynamic traffic filtering
In this final layer, Hetzner Online filters out attacks in the form of SYN floods, DNS floods, and invalid packets. The filtering tools are also able to flexibly adapt to other unique attacks and to reliably mitigate them.
The above technologies support a high level of automation, which in turn will continue to be optimized step by step. The system, which uses the latest hardware appliances and sophisticated perimeter security technologies, provides clients with first-rate protection against large-scale DDoS attacks. And all that free of charge.
For further information, please see wiki.hetzner.de/index.php/DDoS-Schutz/en.