ddos schutz
DDoS protection

DDoS protection

Secure your websites from internet attacks

In a DDoS (distributed denial-of-service) attack, an attacker sends thousands of fake requests in an attempt to exceed the bandwidth, flood a server's resources, and overload the system. By doing this, valid requests can only be processed very slowly or not at all. A massive amount of compromised computers (botnets) are often used to create a gigantic amount of data traffic. Hetzner Online uses its automated security tools to protect your web applications, websites, servers, and IT infrastructure from this threat. Our automated system recognizes almost all attack patterns in advance, allowing it to block the attacks and effectively thwart the vast majority of them. It uses the latest hardware applications and sophisticated filter technologies, providing you with first-rate protection against large-scale DDoS attacks. And all that free of charge.


The security solution: DDoS protection

Our system protects you and your data by utilizing Arbor and Juniper hardware.


Data transmission in normal operations

ddos protection normal

Data transmission in a DDoS-protected system during an attack

ddos protection attack

Automated recognition of attack patterns

In addition to recognizing an attack based on the amount of traffic or the number of packets, we at Hetzner Online are able to clearly define the actual attack and then to specifically home in on and react to that particular type of attack. For example, a UDP flood with 500k pps is harmless for a server. A 500k SYN packet, however, could pose a problem. Our DDoS protection tools can detect precisely this type of difference.

Filtering traffic for known attack patterns

This method allows us to effectively filter out the most commonly known attacks by putting them through traffic scrubbing filters. The method is especially successful at scrubbing out the following types of attacks: DNS reflection, NTP reflection, and UDP floods on port 80.

Challenge-response authentication and dynamic traffic filtering

In this final layer, we filter out attacks in the form of SYN floods, DNS floods, and invalid packets. We are also able to flexibly adapt to other unique attacks and to reliably mitigate them. The above technologies support a high level of automation, which our technicians continually optimize step by step. We can improve the system by analyzing each attack and constantly adjusting our filters and responses.

How it affects customers

DDoS protection has not caused costs or prices to increase and is available to all customers. Our system detects DDoS attacks at all times, and its ability to recognize them continually improves. Once an attack is recognized, the dynamic DDoS protection tools immediately go into action and filter out the attack. Your traffic is usually not affected by the DDoS protection system due to its dynamic method of mitigating attacks.