Traffic-based attacks can lead to an unavailability of the network infrastructure and congestion of available bandwidth. Application-based attacks directly target various applications to deliver a potentially fatal blow. There also has emerged a noteworthy trend for DDoS targeting Web systems — the hybrid attack, which mixes traffic-based and application-based attacks. This style attack can thwart any single – layer DDoS protection measure. No matter the attack type, they represent a direct threat to carriers and service providers, data centers, enterprises and various other businesses.
Based on decades of research of DDoS technologies, NSFOCUS has developed a complete set of dedicated DDoS protection products, covering traffic detection, cleaning and management. The first 100M NSFOCUS Anti-DDoS System (NSFOCUS ADS) was released in 2001. Since then, NSFOCUS DDoS protection products have also diversified to orient to different threats as they arise and have been expanding their protection power. At present, the NSFOCUS ADS offers up to 20Gbps line-speed protection, which can provide hundreds of Gbps of mitigation power as total via device clusters to defend against volumetric DDoS attacks.
NSFOCUS' dedicated DDoS protection products can be deployed out-of-path in the backbone routers on large-scale networks or deployed in-line at the access point of small-scale networks to combat both the high-volume and most complicated DDoS attacks and application-based (or slow-rate DDoS attacks), ensuring pure inbound traffic.
The NSFOCUS ADS systems are capable of delivering the following DDoS protection capabilities:
NSFOCUS ADS can defend against not only DDoS attacks on the transport layer, like SYN Flood, SYN-ACK Flood, ACK Flood, FIN/RST Flood, UDP Flood, ICMP Flood and IP Fragment Flood, but also those targeting the application layer, such as HTTP GET /POST Flood, slow-rate attacks, DNS attacks, game service attacks and audio/video attacks. Furthermore, in terms of application scenarios, the ADS system can defeat DDoS attacks launched via multitude agent servers, like CDN and WAP gateways.
Instead of relying solely on traditional fingerprint matching or other similar methods, the NSFOCUS ADS conducts behavior anomaly detection and filtering by virtue of an embedded “intelligent multi-layer identification and cleaning matrix” which consolidates the mechanisms of anti-spoofing, protocol stack behavior analysis, specificapplication protection, user behavior analysis, dynamic fingerprint identification, bandwidth control and so forth.
NSFOCUS DDoS protection products support multiple deployment modes, including in-line, in-line cluster, out-of-path and out-of-path cluster. In out-of-path deployment, the products support multiple protocols for traffic diversion and re-injection, catering to various deployment demands in complicated network environments.
Depending on deployment design, the ADS defense system can mitigate volumetric DDoS attacks ranging from several to hundreds of Gbps.
Providing complete anomaly traffic detection, attack defense, device management, report generation and value-added operation.
NSFOCUS address both “all-in-one” (attack detection, defense and monitoring management) products to small to medium businesses (SMBs) with speedy deployment, all the way up to integrated DDoS protection solutions for carriers, IDCs, and large enterprise to fight against high-volume and the most sophisticated of DDoS attacks.