Anti-DDoS

Keep your infrastructures protected against distributed denial-of-service attacks.

MQ Planet offers the most powerful anti-DDoS solution on the market.

It provides your services with round-the-clock protection against all types of DDoS attack, without any limitations in terms of volume or duration.

Image

What is anti-DDoS protection?

As the volume of data that exists on the internet grows exponentially, distributed denial-of-service (DDoS) attacks are becoming increasingly common.
A DDoS attack aims to make a server, service or infrastructure unavailable. An attack can take on different forms. It may saturate the server’s bandwidth to make it unreachable, or it may overwhelm the machine’s system resources, stopping it from responding to legitimate traffic.

During a DDoS attack, requests are sent in high numbers at the same time from multiple points on the internet. The intensity of this crossfire renders the service unstable, and sometimes unavailable.

 
MQ Planet created the anti-DDoS solution precisely to fight against these distributed denial-of-service attacks. With all of our services, we include a mitigation solution based on a unique system, which combines three technologies to:

  • analyse data packets quickly, in real-time
  • divert your server’s incoming traffic
  • separate non-legitimate requests from others and let legitimate traffic pass through

The progression of a DDoS attack

  1. The server is operational. It sends and receives packets normally.
  2. A DDoS attack starts in different ways — it may overload the bandwidth, or overwhelm the system resources.
  3. The network becomes overloaded, and the server is then unable to process legitimate packets among the mass of incoming data.

Managing a DDoS attack

The server is working

Services can be accessed via the internet. Traffic travels through the backbone of our network, arrives in our datacentres, and is then processed by the server, which sends responses to the internet.

The DDoS attack starts

The attack is launched from one or more websites, and arrives at our backbone. Thanks to our very high bandwidth capacity, no links are saturated. The attack then reaches the server, which begins to process it. At the same time, the traffic analysis detects that a DDoS attack has started, and mitigation is triggered.

The VAC mitigates the attack

Mitigation begins within a few seconds. The server’s incoming traffic is vacuumed up by our VAC solution. The VAC’s hardware has a total capacity of 4 Tbit/s. The attack is then blocked without any limitation on its volume or duration, regardless of which technique it uses. Legitimate traffic is not blocked and reaches the server. This process is also called auto-mitigation, and is completely managed by MQ Planet.

The DDoS attack ends

A DDoS attack is expensive to launch, especially if it turns out to be ineffective. After a certain amount of time, it will come to an end. Our anti-DDoS solution deactivates automatically when the attack is over, and stays ready to mitigate a new attack straight afterwards.

Mitigation

Mitigation refers to the methods and techniques put in place by MQ Planet to contain and reduce the negative impacts of DDoS attacks on an infrastructure or service. To do this, we provide VAC technology, which relies on a unique combination of techniques that perform three tasks.

Analysis

An attack is detected using real-time analysis of the netflow sent by the routers, which analyse 1/2000 of the traffic that goes through them. The VAC analyses the reports, and compares them to the characteristics of DDoS attacks. If a similarity is detected, mitigation is then triggered automatically.

The analysis of characteristics is measured by packets per second, or in bytes over several protocols, including:

  • DNS
  • ICMP
  • IP fragmentation, Null and Private
  • TCP Null, RST, SYN, ACK
  • UDP

Vacuuming

Vacuuming is one of the main features that makes the MQ Planet anti-DDoS solution stand out. Channelling a DDoS attack requires a high capacity to bear the load. With its 15 Tbit/s network, OVH infrastructures can absorb a very high volume of traffic during DDoS attacks. Another specific feature of the OVH MQ Planet is the fact that it is replicated in 10 datacentres across three continents. The MQ Planet is activated simultaneously in all of these datacentres, so that all regions can combine their power and absorb the traffic. They have a combined capacity of more than 4 Tbit/s.

Mitigation

Mitigation refers to the methods and techniques put in place in order to reduce the negative effects on a server or service targeted by a DDoS attack. Mitigation consists of filtering traffic, so that only legitimate traffic reaches the server.

The VAC, a technology designed by MQ Planet, carries out several filtering tasks which each have their own specific purpose. The VAC diverts the traffic to analyse it, and only lets legitimate traffic reach the server.

logo.png

Wasfi Al-Tal Street
building 129, 11953
Amman -Jordan.

Follow Us

Search