JUST FOR THOSE WHO CAN T TOLERATE DOWNTIME WE ARE NOT FOR EVERYONE

Full text

(1)

www.blockdos.net

Don’t let a DDoS attack bring your online business to a halt

we can protect any server in any location

JUST FOR THOSE WHO

CAN’T TOLERATE DOWNTIME

(2)

2

DDoS Implementation

is as Follows...

• Client will provide us domain name and IP address of their server (backend) along with SSL (if applicable).

BlockDos will do a setup on their clusters and provide a Proxy IP (frontend) to the client.

BlockDos will also provide a list of IPs or IP ranges to the client in order to white list them in the firewalls.

• Client will change the record of the domain from there DNS (or BlockDos DNS) to Blockdos Proxy IP.

• Attack traffic will be filtered at the router level or at proxy level (which ever applicable).

• Proxy will then take the client request along with X-forwarded-for header to backend server and gives back client with the info requested.

• Attack or Bad traffic will be discarded or the bad IP may be sent back to router to add in temporary block list.

• It is recommended to block all the traffic at firewall and allow only certain IPs. Additional security will be provided if the backend IP address gets changed. Advance mitigation includes balancing the traffic between multiple IPs. Or restricting it for some specific countries only.

• All the traffic will start coming to our protected proxies.

DON’T GET STUCK ON

THE ROAD OF SUCCESS…

LET THE TRAFFIC RUN

ON YOUR TERMS WITH

BLOCKDOS

30 Minutes

IMPLEMENTATION

PLAN

We have multiple locations for DDoS Mitigation, which allows clients to have lowest latency and prefences as well.

Depending on the size and type of the attack, locations can be changed or combined to handle large or complex attacks.

DDDoS attacks have rapidly become a common place threat

to doing business on the internet. With over 50, 000 distinct attacks per week, denial of service has become the most costly form of cyber-crime business face today. In response, BlockDos provides class-leading global DDoS mitigation service that protects internet operations from the debilitating service disruptions caused by DDoS attacks.

• TCP SYN Flood • TCP ACK Flood • UDP Flood Attack • HTTP Flood Attack • UDP Flood Attack (Trinoo) • ICMP Echo Request Flood

• TCP SYN - ACK Reflection Flood (DRDoS)

• Tribe Flood Network and Tribe Flood Network 2000

Threat types we deal in

• Finnancial Institutions • Banks • Air Lines • Government Sector • Pharmaceuticals • Stock Exchange • E-Commerce Stores Industries we serve

(3)

4

BlockDos has established peering connections

with multiple core Internet Service Providers to provide multi-gigabit attack protection. Each peer is closely monitored and

continously evaluated in order to deliver the fastest response time to customer's evaluated in order to deliver the fastest response time to customer's critical and latency-sensitive applications.

At BlockDos border, traffic is filtered for

bandwidth flood using wire-speed Access Control Lists. BlockDos also keeps tracking lists of bogon IPs and infected hosts which are also filtered at this layer.

Hi-Speed Border Filtering

At this level, protocol state such as TCP three-way handshake is verified. SYN DDoS flood and other similar DDoS attack attempts that do not conform to protocol standard are also filtered out.

To mitigate spoofed attacks, BlockDos uses challenge-response algorithms like TCP SYN cookie and TCP SYN Authentication to distinguish between spoofed and legi timate traffic.

Deep Packet Inspection

BlockDos enforces both Statistical Analysis

and Anomaly Recognition filtering for zero day attacks. Using tatistical Analysis, unusual number of packets or high traffic rate from zombie clients can be identified and filtered. Using Anomaly recognition, auto-learning of normal baselines for protocol and source networks flows can be used to identify and filter malicious activities.

Adaptive Filtering

BlockDos deep packet inspection engine

provides comprehensive application-layer intelligence, allowing BlockDos to understand what applications are running on the client's network to efficiently select and deter application traffic violations.

With increasing number of attacks from larger-sized clients (or zombies) using valid established connections to overwhelm the system resources, BlockDos anti-zombie system mitigates such HTTP attacks by using a challenge response authentication process to differentiate between legitimate browsers and zombie programs that access the attacked site.

To further mitigate application specific level attacks - HTTP attacks, BlockDos can enforce intelligent HTTP Malformed filtering to ensure the validity of HTTP transactions, and limit the number of connections or request to specific objects.

Application Level Filtering

BlockDos prevent DDoS Mitigation system

continously monitors application traffic for unusual pattern and behavior. Using its propretary pattern recognition and analysis system, BlockDos deters morphing HTTP flood attacks by adapting flexible-content filters to counter evasive intents rapidly.

Flexible-Content Filtering

Rate-limiting will be applied to further limit exploitation of system and bandwidth resources against baseline statistic.

Rate-Limiting

EVEN BIG DATA CENTERS

NEEDS HELP WITH DDoS SOME TIMES

BLOCKDOS IS THERE FIRST CHOICE!

cyber vandals use tools and shotdown victim websites.these online DDoS attacks can be

automated so the identity of the attackers remains untraced. TCP SYN Flood Attack.

DDoS

(4)

6

A denial-of-service attack (DoS attack) or

distributed denial-of-service attack

(DDoS attack) is an attempt to make a

computer resource unavailable to its

intended users. Although the means to

carry out, motives for, and targets of a

DoS attack may vary, it generally consists

of the concerted efforts of a person or

people to prevent an Internet site or

service from functioning efficiently or at

all, temporarily or indefinitely.

Perpetrators of DoS attacks typically

target sites or services hosted on

high-profile web servers such as banks,

credit card payment gateways, and even

root nameservers. The term is generally

used with regards to computer networks,

but is not limited to this field, for

example, it is also used in reference to

CPU resource management.

BlockDos guarantees 99.9% Uptime SLA on

Enterprise Protection Solution. No other provider in the industry can match this uptime. Just sit back and relax because your uptime is assured.

99.9% Uptime Guranteed

BlockDos provides true 24/7/365 technical

support. Ensuring client gets the best support which they deserve.

24/7/365 Professional Support

BlockDos have over 10+ mitigation centers

around the world. Thus we make sure that the client gets minimal latency and fastest speed possible. No waiting, no hassle, neither hardware nor software to buy. Just click and clean.

Multiple Mitigation Locations

Imagine you want to serve local traffic locally. And don’t want any of the international traffic coming to you. With our GEO DNS you can easily do that. You can specify different IPs for different countries. This solution has been successfully implemented for Government of Pakistan.

Geo DNS

You may have the bandwidth to handle traffic. But do you have adequate protection against low rate attacks? Attacks which pass your firewall like a real request? Worry no more. Contact us and we can install our custom appliance at your own location which can take care of that.

Local DDoS Protection

DDoS attacks have rapidly become a common place threat to doing business on the Internet. With over 50,000 distinct attacks per week, denial of service has become the most costly form of cyber-crime businesses.

50 Gbps+ DDoS Protection

WE VITALIZE

THE SUCCESS

OF OUR CLIENTS

For us our every Client is Important and Unique, and we give them

Exclusive Services.

WHERE FASHION IS COMFORT

R

BRAND

ENERGY & INFRASTRUCTURE SERVICES

entropay

in association with VISA

SHOE PARLOR

mens and ladies shoes

beautyneeds

MAZDA

BlockDos

Advantage

We do not filter based on geography or other methods that filter out large blocks of IP

address space. Our proprietary techniques only block malicious IP

addresses, on an IP by IP instance and on a continuous basis. This

(5)

w w w. b l o c k d o s . n e t

www.blockdos.net sales@blockdos.net

Karachi Office

Suite 1508-1511, Ceaser’s Tower, Shahra-e-Faisal, Karachi - Pakistan

Fax: +92-21-32785519 Phone: +92-21-32789744 +92-21-32789780 Islamabad Office 45-D, Service Road, Sector G-10/2 – Islamabad. Fax: +92-51-2291156 Phone: +92-51-4359122 +92-51-2211136 Canada Office

1515 Britannia Road East Suite 303 Mississauga, ON, L4W 4K1 Canada. Toll Free: 1-888-765-7776 Phone: 905-405-8786 USA Office 4909 Covewood Court Glen Allen VA, 23060 USA.

Toll Free: 1-888-765-7776 Phone: 804-868-8005

Figure

Updating...

References

Updating...