- • Performance up to 20 million packets per second, depending on the configuration
- • Protection against TCP SYN Flood and fragmented UDP Flood
- • Torrents and P2P
- • Protection against DDoS (LOIC etc) basing on The Turing Test (Human Detection)
- • Dynamic control of the bandwidth, common and up to a separate IP
- • Prioritization by common bandwidth and separate IP protocols
Spectre DPI Protection against DOS and DDOS attacks
Spectre DPI has built-in protection against Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks – these are types of attacks on computer systems, when users cannot access the provided system resources or this access is difficult.
The attack is carried out from the attacker’s computer or entire network (botnet) of devices, and this can be any device having access to the Internet (router, TV, tablet, etc.). User may not know that attack is carried out from his or her device. In this case, protection of remote resources and applications should be performed by the carrier’s equipment.
Protection mechanisms of DoS attacks
In the case of a DoS attack, it is important for an attacker to disguise the return address so that it cannot be blocked by IP. Therefore, a DoS attack is the bombardment of the victim’s servers in separate packets with a bogus return address. Denial of service in this case occurs either due to an overflow (clogging of traffic) of the channel rented by the client, or when bombarded with packages that cause an increased expenditure of resources on the system under attack.
Spectre DPI contains a high-performance protection mechanism against TCP SYN Flood and fragmented UDP Flood attacks, allowing you to process up to 20 million packets per second, depending on the configuration.
To carry out a DDoS attack, an attacker has a large network of remotely controlled computers (BOTNET) and he no longer needs to hide the IP address of each of them 1) In this case, the attacker can simply imitate the actions of legitimate users of the site, but due to the large number of computers involved in the attack (sometimes hundreds of thousands), even such actions will cause a greater load on the site and lead to failure in the area. Usually, attackers choose to call the most resource-intensive requests to the attacked site in order to minimize the number of computers participating in the attack, whose IP addresses will be exposed after the attack.
Often, different types of behavioral DDoS protection are used to protect against such attacks with varying degrees of effectiveness. They allow defining deviations in normal behavior. We offer a simple and very effective approach - using Turing test (page with CAPTCHA. Completely Automated Public Test), a computer test used to determine whether a user of the system is by computer.
Protection works as follows
- When the threshold value is exceeded, for example, the number of requests per second is comfortable for the site, protection is activated
- Only users in the white list are allowed to work with the site, all others are redirected to the page with CAPTCHA to check for "humanity"
- Users who successfully pass the test are added to the white list and their further work with the site is not overshadowed
- Users who have not passed the test (BOTS) cannot advance further to the detecting page and create any load on the attacked site
The Turing Test (CAPTCHA pages) to protect against DDoS
This computer test determines who the user of the system is - a person or a computer.
If the threshold value is exceeded, for example, the number of requests per second comfortable for the site, the protection is activated and the user needs to enter information from CAPTCHA to confirm that he or she is not involved in the botnet network, and only then access to the site will be allowed.
After confirmation, the user is entered into the “white list” and is no longer subject to checks.
Fragmented UDP Flood protection against DoS
This type of attack is carried out by fragmented udp-packets, usually a short one, for the assembly and analysis of which the attacked platform is forced to spend a lot of resources.
Protection is carried out by discarding a set of protocols that is irrelevant for the protected site or rigid restriction of them over a passed band.
TCP SYN Flood protection against DoS
SYN Flood attack causes an increased consumption of resources of the attacked system. Denial of service occurs when the flow of SYN-flood is 100 000 - 500 000 packets per second. At the same time, even a gigabit channel will allow an attacker to send to the attacked site a stream of up to 1.5 million packets per second.
Spectre DPI detects independently an attack on exceeding a specified threshold of unconfirmed SYN requests and, instead of the protected site, responds to SYN requests and organizes a TCP session with the protected site after confirmation of the request by the client.