How Our DDoS Protection Works

Nearly all of our services use multiple layers of traffic filtering to mitigate DDoS attacks. Below is a brief rundown and explanation of how the protection works, from the beginning to end. We do not null route IPs ever! This means we will continue to mitigate attacks of any size towards your server. If you happen to experience connectivity issues during an attack, please contact us and we can help customize protection for your applications.

Note: Clients can manage the network firewall and game firewall (if applicable) for IPs that they are assigned in the client area after ordering. This lets you modify network firewalls rules, enable or disable the network firewalls, and enable or disable permanent mitigation. You can read more about this feature here.

Locations this is used in:
- Montreal, Canada (OpenVZ VPS, Minecraft)
- Gravelines, France (OpenVZ VPS, Minecraft)
- Singapore (KVM VPS, Minecraft)
- More soon...

Traffic path while attack is being mitigated:
.. Public Network
... Backbone Routers 
.... Network Firewall ↓
.... Pre-Firewall ↓
.... Tilera (Game Firewall) ["Game Anti-DDoS"] ↓
.... Shield / Armor ↓
... Datacenter Routers ↓
.. Your Server

Here is an explanation of what each one does:

Pre-Firewall: The Pre-Firewall (VAC) blocks most common attacks, allowing TCP/UDP/ICMP/GRE and blocking other protocols.

Network Firewall:
The Network Firewall allows the client to add custom rules to modify traffic to their IP. This includes allowing/blocking IPs/IP ranges, allowing/blocking traffic protocols (AH,ESP,TCP,UDP,GRE,ICMP), allowing/blocking ports, allowing/blocking SYN/TCPs.

Tilera ["Game Anti-DDoS"]: The Tilera (Game Firewall) allows clients to use customized filters for blocking L7 attacks towards their game or voice servers, such as Teamspeak, Ark, Minecraft, Source/CSGO, GTA, etc. This means only legitimate user traffic to the applications will be allowed to your server. It also limits ICMP, blocks DNS amp, malformed IP/UDP header/incorrect checksum. Note: The Tilera (Game Firewall) may not available in certain locations where game servers aren't offered.

Shield / Armor:
The Shield and Armor firewalls are two mitigation layers traffic is sent through and does some of what previous methods do, including blocking most known attacks that work via amplication methods. These are developed by OVH and don't rely on a third partys hardware or software.

  • 6 Users Found This Useful
Was this answer helpful?

Related Articles

Can I upgrade or downgrade my server plan?

If you have a VPS or Minecraft plan you can request an upgrade or downgrade of your service...

What payment methods do you accept?

We try to give access to our services to anyone in the world, so we accept dozens of payment...

Use MobileCraft & PocketPanel App to manage your server

If you have an iPhone or iPad you can download the MobileCraft app to manage your Minecraft...

Non-Profit Hosting

Here at ExtraVM, we take non-profit organizations seriously, we also donate some of our profit to...

IP Management

Our IP Management page lets clients change key features to the DDoS protection and network...