Reliable DDoS Mitigation

Reliable protection against DDoS attacks

Companies are increasingly vulnerable to DDoS attacks that can disrupt their operations without warning. The scale of these attacks is difficult to predict, and they can cause delays in data transmission or web server outages. As a result, services can suffer significant damage to their credibility as well as financial losses. Companies can nevertheless protect themselves by taking preventive measures: the cloudshift® DDoS Mitigation Service mitigates DDoS attacks and interruptions in advance and keeps affected solutions or websites running.

DDoS Protection
GDPR-compliant, German cloud, climate-neutral

What happens in the event of a DDoS attack and how do we protect you?

In a distributed denial of service (DDoS) attack, attackers deliberately disrupt access to a service or server and make it inaccessible to legitimate users. A typical technique is to secretly infect multiple computers with malware to gain control of them. This network of infected systems, known as a botnet, is then used to launch DDoS attacks from many sources simultaneously, flooding the target's infrastructure with a barrage of requests. cloudshift® offers two DDoS defense packages: Basic and Pro. Both run independently of domain and port specifications and provide early protection against attacks. With our own mitigation facilities in our own data center, we guarantee in-house protection. A decisive advantage of our DDoS defense solutions is that you do not have to change any DNS configuration in the event of an attack.

Benefits of cloudshift® DDoS protection

DDoS-Protection Made in Germany

Certified and reliable DDoS protection from Germany.

GDPR-compliant

We strictly follow the requirements of the GDPR.

Personalized support

Our technical support will assist you individually with the implementation of DDoS protection on request and is available for you in an emergency.

No DNS changes necessary

Your IP address remains unchanged. DNS settings do not need to be adjusted in the event of an attack.

Scrubbing center

The Pro package includes its own scrubbing data center, through which we direct the web traffic.

Predictable costs

cloudshift DDoS protection is offered at a fair fixed price and is not dependent on web traffic. This keeps the costs predictable.

cloudshift® DDoS Protection Plans

Our offer is directed exclusively to commercial customers. All prices are net plus VAT.

Features compared:

  • Domain-independent
  • Port-independent
  • IP-Renumbering
  • Pro-active handling
  • Origin-Protection
  • Scrubbing Center
  • Real-Time-Response-Team – 24/7 Support
  • Real-time mitigation
  • Protected IPs
  • Attack volume (max. bandwidth)
  • Combated attack vectors

DDoS Protection Basic

  • Price: € 99,90 per month plus VAT
  • IP-Renumbering: IP remains unchanged
  • Protected IPs: 1
  • Attack volume (max. bandwidth): up to 2 Gbit/s
  • Combated attack vectors: udp-flood, icmp-flood, ipfragmentation-flood

DDoS Protection Pro

  • Price: upon request
  • IP-Renumbering: IP remains unchanged
  • Protected IPs: Entire network (e.g. /24)
  • Attack volume (max. bandwidth): over 1,000 Gbit/s
  • Combated attack vectors: Layer 7 and all known

FAQ cloudshift® DDoS Protection

A scrubbing center is an external data center located close to several Internet points of presence (POPs). POPs are important nodes through which Internet traffic is routed, and proximity to them can significantly reduce latency and improve overall connection speed. In the scrubbing center, incoming traffic is checked and filtered before it reaches the core infrastructure of the data center. This pre-filtering is crucial for detecting and fending off unwanted data packets, such as those sent as part of DDoS (Distributed Denial of Service) attacks, at an early stage, so that only legitimate and secure traffic reaches the actual data center. A scrubbing center also makes it possible to manage and mitigate extremely high bandwidth demands and traffic peaks, which significantly increases the reliability and security of the data center as a whole.

Distributed Denial of Service (DDoS) attacks are varied and use different methods to overload target networks or services and make them inaccessible. Here are some of the most common types of DDoS attacks:

  • SYN flooding: In a SYN flooding attack, attackers send a flood of SYN requests (part of the TCP handshake) to the target without completing the connection with an ACK (acknowledgment). This causes the server to wait for responses that never come, exhausting resources and preventing legitimate requests from being processed.
  • Smurf attacks: Smurf attacks use ICMP (Internet Control Message Protocol). The attacker sends ICMP echo requests (pings) to a network's broadcast address with the sender address forged to be that of the victim. All devices in the network respond to this request, which overloads the target system.
  • Distributed Reflected Denial of Service (DRDoS): In DRDoS attacks, attackers abuse the properties of protocols such as DNS, NTP (Network Time Protocol) or SNMP (Simple Network Management Protocol) by sending requests to these servers with a forged sender address (that of the victim). The servers then send their replies to the victim, which leads to an overload.
  • Attacks through backdoor programs: Attackers use security vulnerabilities to install malware or backdoor programs on computers or networks. These infected machines can then become part of a botnet that the attacker uses for DDoS attacks by sending coordinated requests to a target.

Other types of DDoS attacks include:

  • UDP flood: In this method, attackers send a large number of UDP packets to random ports on the target server. The server attempts to respond to each packet with an ICMP “Destination Unreachable” message, which can overload it.
  • HTTP flood: This is a layer 7 attack that aims to overload a web server or application by sending masses of legitimate or seemingly legitimate HTTP requests.
  • Slowloris: In this type of attack, an attacker keeps connections to the target web server open for a long time with minimal resources, blocking new connections without fully utilizing the server.
  • Zero-day attacks: Here, attackers use previously unknown vulnerabilities in software or hardware to carry out DDoS attacks against which no specific protective measures yet exist.

Each type of DDoS attack exploits specific vulnerabilities or characteristics of the network or applications to cause maximum damage. Defending against such attacks requires a combination of preventative measures, such as setting up scrubbing centers, and constant monitoring of network traffic.
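The traffic monitoring mentioned above can be illustrated with a small classifier for three of the patterns described: SYNs that are never completed by an ACK, UDP packets spread over many ports, and unsolicited ICMP echo replies from many hosts. This is an added example, not cloudshift® code; the record format, thresholds and sample traffic are assumptions constructed for the illustration.

```python
from collections import Counter

# Thresholds are assumptions for this sample; derive real ones from a baseline.
SYN_MIN, MAX_COMPLETION = 50, 0.2    # SYNs per window, share completed by an ACK
UDP_MIN, UDP_MIN_PORTS = 50, 30      # UDP packets, distinct destination ports
ICMP_MIN, ICMP_MIN_SOURCES = 50, 20  # echo replies, distinct responders

def classify_window(packets):
    """Return the flood patterns visible in one time window of packet records."""
    syn, ack = Counter(), Counter()
    udp_ports, udp_total = set(), 0
    icmp_sources, icmp_total = set(), 0
    for p in packets:
        if p["proto"] == "tcp" and p["kind"] == "syn":
            syn[p["src"]] += 1
        elif p["proto"] == "tcp" and p["kind"] == "ack":
            ack[p["src"]] += 1
        elif p["proto"] == "udp":
            udp_total += 1
            udp_ports.add(p["dport"])
        elif p["proto"] == "icmp" and p["kind"] == "echo-reply":
            icmp_total += 1
            icmp_sources.add(p["src"])

    findings = set()
    total_syn = sum(syn.values())
    # A handshake counts as completed only if the same source followed up with an ACK.
    completed = sum(min(n, ack[s]) for s, n in syn.items())
    if total_syn >= SYN_MIN and completed / total_syn <= MAX_COMPLETION:
        findings.add("syn-flood")
    # Many UDP packets spread over many ports match the UDP flood description.
    if udp_total >= UDP_MIN and len(udp_ports) >= UDP_MIN_PORTS:
        findings.add("udp-flood")
    # Echo replies from many hosts that were never pinged match the Smurf pattern.
    if icmp_total >= ICMP_MIN and len(icmp_sources) >= ICMP_MIN_SOURCES:
        findings.add("smurf")
    return findings

def pkt(src, proto, dport, kind):
    return {"src": src, "proto": proto, "dport": dport, "kind": kind}

# Constructed sample traffic using documentation address ranges, not real captures.
NORMAL = [pkt(f"198.51.100.{i}", "tcp", 443, k) for i in range(10) for k in ("syn", "ack")]
SYN_FLOOD = [pkt(f"203.0.113.{i % 250}", "tcp", 443, "syn") for i in range(500)]
UDP_FLOOD = [pkt("203.0.113.7", "udp", 1024 + i, "data") for i in range(200)]
SMURF = [pkt(f"192.0.2.{i}", "icmp", None, "echo-reply") for i in range(100)]
```

A busy but healthy window, where every SYN is followed by an ACK from the same source, stays unflagged because the completion ratio is what triggers the SYN finding, not the volume alone.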

DDoS Origin Protection refers to security measures and strategies aimed at protecting the origin infrastructure of a website or online service from Distributed Denial of Service (DDoS) attacks. The “origin” or origin infrastructure refers to the primary servers and resources on which the applications, services or content are hosted. These can include data centers, cloud-based resources or specific web servers. As DDoS attacks aim to make these resources inaccessible by overloading them with significant traffic, origin protection aims to protect these critical infrastructures from downtime and performance issues.

DDoS Origin Protection incorporates various technologies and approaches, including:

  • Anycast Network Distribution: Distributing traffic across multiple servers and data centers to spread the load and minimize the impact of an attack.
  • Rate limiting and traffic shaping: Limiting the rate of requests sent to a server and adjusting traffic to manage anomalies and spikes that could indicate a DDoS attack.
  • Web Application Firewalls (WAFs): These identify and block malicious traffic targeting applications and provide application-level protection against certain types of DDoS attacks.
  • Scrubbing Centers: As mentioned above, these specialized data centers filter out malicious traffic before it reaches the origin infrastructure and only allow legitimate traffic through.
  • Behavior-based detection: The use of advanced analytics technologies to learn normal traffic behavior and quickly identify unusual patterns or spikes that could indicate DDoS.
  • Geo-blocking and IP whitelisting: Blocking traffic from specific geographic regions or only allowing traffic from trusted IP address ranges.
  • Redundancy and failover systems: Setting up redundant systems and automatic failover mechanisms to maintain availability in the event of an attack.

DDoS origin protection is an essential part of the overall strategy for securing online services and applications, as it helps to ensure the availability and reliability of critical services even in the event of a large-scale DDoS attack. It is important that organizations adopt a layered defense strategy that integrates various protection mechanisms to defend against the wide range of DDoS attack techniques.

To defend against DDoS attacks, many providers rely on redirecting the IP address of an affected domain to their own IP. One disadvantage of this method is that the website operator is dependent on the respective provider. In addition, there is still the risk of an attack on the original IP address, which is often exposed by DNS settings such as MX records. In contrast, cloudshift® does not use IP renumbering. With cloudshift® DDoS mitigation services, the original IP address of the domain remains unchanged, which avoids the disadvantages mentioned above.
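For operators who do use the redirect-based approach described above, the exposure through records such as MX can be checked against an export of their own zone. The following is an added example, not cloudshift® code; the record tuple format, the proxy range and the sample zone are assumptions constructed for the illustration.

```python
import ipaddress

def exposed_origin_records(records, proxy_ranges):
    """List records in a zone export that resolve outside the provider's ranges.

    records: (name, rtype, value) tuples. A/AAAA values are addresses;
    MX/CNAME values are host names, looked up within the same export.
    """
    nets = [ipaddress.ip_network(r) for r in proxy_ranges]
    addrs = {}
    for name, rtype, value in records:
        if rtype in ("A", "AAAA"):
            addrs.setdefault(name, []).append(ipaddress.ip_address(value))

    exposed = []
    for name, rtype, value in records:
        if rtype in ("A", "AAAA"):
            targets = [ipaddress.ip_address(value)]
        elif rtype in ("MX", "CNAME"):
            # "10 mail.example.com." -> "mail.example.com"
            targets = addrs.get(value.split()[-1].rstrip("."), [])
        else:
            continue
        for ip in targets:
            if not any(ip in net for net in nets):
                exposed.append((name, rtype, str(ip)))
    return exposed

# Constructed sample zone: the website sits behind the provider, mail does not.
PROXY_RANGES = ["203.0.113.0/24"]
ZONE = [
    ("www.example.com", "A", "203.0.113.10"),
    ("example.com", "MX", "10 mail.example.com."),
    ("mail.example.com", "A", "198.51.100.25"),
    ("ftp.example.com", "CNAME", "mail.example.com."),
    ("example.com", "TXT", "v=spf1 mx -all"),
]
```

Every tuple returned is a public record that still reveals an address outside the protected ranges and should be moved behind the provider or onto separate infrastructure.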

Do you have questions or need an individual offer?

Our cloud experts will be happy to answer your questions about the design, implementation and operation of your applications in the cloud. We look forward to your inquiry!


+49 69 17 53 73 46 - 0

Mon. to Fri., 9 a.m. to 5 p.m.