In addition to recognizing an attack based on the amount of traffic or the number of packets,
we at Hetzner Online are able to clearly define the actual attack and then to specifically home
in on and react to that particular type of attack. For example, a UDP flood with 500k pps is harmless for a server.
A 500k SYN packet, however, could pose a problem. Our DDoS protection tools can detect precisely this type of difference.
This method allows us to effectively filter out the most commonly known attacks by putting them
through traffic scrubbing filters. The method is especially successful at scrubbing out
the following types of attacks: DNS reflection, NTP reflection, and UDP floods on port 80.
In this final layer, we filter out attacks in the form of SYN floods, DNS floods, and invalid packets.
We are also able to flexibly adapt to other unique attacks and to reliably mitigate them.
The above technologies support a high level of automation, which our technicians continually optimize step by step. We can improve the system by analyzing each attack and constantly adjusting our filters and responses.