How Our DDoS Protection Works

Nearly all of our services use multiple layers of traffic filtering to mitigate DDoS attacks. Below is a brief rundown and explanation of how the protection works, from the beginning to end. We do not null route IPs ever! This means we will continue to mitigate attacks of any size towards your server. If you happen to experience connectivity issues during an attack, please contact us and we can help customize protection for your applications.

Locations this is used in:
- Montreal, Canada (OpenVZ VPS, Minecraft)
- Gravelines, France (OpenVZ VPS, Minecraft)
- Sydney, Australia (KVM VPS)
- Ashburn, VA (KVM VPS)

Traffic path while attack is being mitigated:
.. Public Network
... Backbone Routers 
.... Pre-Firewall (VAC) ↓
.... Network Firewall ↓
.... Tilera (Game Firewall) ["Game Anti-DDoS"] ↓
.... Arbor ↓
... Datacenter Routers 
.. Your Server

Here is an explanation of what each one does:

Pre-Firewall (VAC): The Pre-Firewall (VAC) blocks most common attacks, allowing TCP/UDP/ICMP/GRE and blocking other protocols.

Network Firewall:
The Network Firewall allows the client to add custom rules to modify traffic to their IP. This includes allowing/blocking IPs/IP ranges, allowing/blocking traffic protocols (AH,ESP,TCP,UDP,GRE,ICMP), allowing/blocking ports, allowing/blocking SYN/TCPs.

Tilera ["Game Anti-DDoS"]:
The Tilera (Game Firewall) allows clients to use customized filters for blocking L7 attacks towards their game or voice servers, such as Teamspeak, Ark, Minecraft, Source/CSGO, GTA, etc. This means only legitimate user traffic to the applications will be allowed to your server. It also limits ICMP, blocks DNS amp, malformed IP/UDP header/incorrect checksum. Note: The Tilera (Game Firewall) may not available in certain locations where game servers aren't offered.

The Arbor firewall is the last device traffic is sent through and does some of what previous methods do, including blocking things such as invalid TCP flags, incorrect TCP/UDP checksum, fragments, malformed IP header, etc.

  • Email, SSL
  • 4 Users Found This Useful
Was this answer helpful?

Related Articles

Can I upgrade or downgrade my server plan?

If you have a VPS or Minecraft plan you can request an upgrade or downgrade of your service...

What payment methods do you accept?

We try to give access to our services to anyone in the world, so we accept dozens of payment...

Can I use my own operating system? What OS do you provide?

If you need to use an operating system that we don't provide pre-created templates for, open a...

Non-Profit Hosting

Here at ExtraVM, we take non-profit organizations seriously, we also donate some of our profit to...

Difference between KVM and OpenVZ VPS?

If you're looking at our VPS plans and are wondering whether you should choose OpenVZ or KVM,...