The scrubbing centre's special deep traffic inspection technologies are able to determine which packets are regular customer traffic and which are components of a DDoS attack. The scrubbing centre intercepts DDoS attack packets and deflects them so that they are not passed on to the customer.
DDoS (Distributed Denial of Service) attacks are aimed at restricting the availability of a service (e.g. a website). A characteristic feature of an attack is that it mobilises a large number of IP addresses simultaneously, which inhibits simple blocking. At the same time, it is strong enough to rapidly clog up the available transmission bandwidth, the system resources of the attack target and transport infrastructure components with ballast that is highly variable and impossible to foresee.
Effective protection against DDoS attacks requires deep traffic inspection methods and mechanisms that adapt readily to the various forms of attack.
ČDT-ANTIDDOS is available as two different options:
- Scrubbing standby – when a DDoS attack is detected, traffic is rerouted to the scrubbing centre. Traffic is rerouted and scrubbing begins within 4 minutes of the launch of a DDoS attack.
- Continuous scrubbing – the subscriber's traffic is continuously routed via the scrubbing centre. Scrubbing begins within 1 minute of the launch of a DDoS attack.
Service benefits:
- timely DDoS attack detection in internet connectivity
- removal of ballast
- no service restrictions or unavailability
- fully automatic solution with no need for manual intervention
- much faster response time to a DDoS attack
- less of a strain on the network operator's active components
The service intercepts the following types of attack:
- attacks generated by known tools available on the internet
- DDoS traffic generated by known botnets
- SYN FLOOD
- TCP ACK + FIN FLOOD
- TCP RST FLOOD
- TCP SYN + ACK FLOOD
- TCP fragmentation FLOOD
- UDP FLOOD
- ICMP FLOOD
- IGMP FLOOD
Service target group:
- local internet service providers
- large and medium-sized companies
- central and local government bodies
- content providers
- news servers
- e-shop operators
- financial institutions
The service addresses the following risks:
- the unavailability of a service (the customer's e-shop or website) triggered by a DDoS attack
- losses caused by DDoS attacks that cannot be simply blocked by conventional means
- congestion of available transmission bandwidth and system resources targeted by the attack
- congestion of transport infrastructure components with ballast, which tends to be highly variable and impossible to foresee
- unfair competitive practices via DDoS attacks
ČDT-ANTIDDOS is a supplementary service coupled with the internet access provided by ČD - Telematika.