Distributed Denial of Service (DDoS) attacks are a nearly instantaneous volumetric assault on the intended target through the use of a massive number of networked machines (often called “Zombies”). These overwhelming attack packets clog the links of the victim and exhaust the resources of the network infrastructure, disabling a legitimate user’s access.

Recently, there has occurred super-large scale DDoS attacks of up to 300G and multi-round month-long attacks on the banking industry; with many government and enterprise websites worldwide falling victim. These constant attacks, sometimes at increasing scale, pose immense threats to all levels of networks.

Generally speaking, DDoS attacks can mainly be classified into two types based on their different features:
    1) Traffic-based attacks
    2) Application-based attacks

Traffic-based attacks can lead to an unavailability of the network infrastructure and congestion of available bandwidth. Application-based attacks directly target various applications to deliver a potentially fatal blow. There also has emerged a noteworthy trend for DDoS targeting Web systems — the hybrid attack, which mixes traffic-based and application-based attacks. This style attack can thwart any single – layer DDoS protection measure. No matter the attack type, they represent a direct threat to carriers and service providers, data centers, enterprises and various other businesses. 

Based on decades of research of DDoS technologies, NSFOCUS has developed a complete set of dedicated DDoS protection products, covering traffic detection, cleaning and management. The first 100M NSFOCUS Anti-DDoS System (NSFOCUS ADS) was released in 2001. Since then, NSFOCUS DDoS protection products have also diversified to orient to different threats as they arise and have been expanding their protection power. At present, the NSFOCUS ADS offers up to 20Gbps line-speed protection, which can provide hundreds of Gbps of mitigation power as total via device clusters to defend against volumetric DDoS attacks.

NSFOCUS' dedicated DDoS protection products can be deployed out-of-path in the backbone routers on large-scale networks or deployed in-line at the access point of small-scale networks to combat both the high-volume and most complicated DDoS attacks and application-based (or slow-rate DDoS attacks), ensuring pure inbound traffic.
The NSFOCUS ADS systems are capable of delivering the following DDoS protection capabilities:

  • Preventing DDoS attacks on the network layer, the transport layer and the application layer.
  • NSFOCUS ADS can defend against not only DDoS attacks on the transport layer, like SYN Flood, SYN-ACK Flood, ACK Flood, FIN/RST Flood, UDP Flood, ICMP Flood and IP Fragment Flood, but also those targeting the application layer, such as HTTP GET /POST Flood, slow-rate attacks, DNS attacks, game service attacks and audio/video attacks. Furthermore, in terms of application scenarios, the ADS system can defeat DDoS attacks launched via multitude agent servers, like CDN and WAP gateways.   

  • Intelligent DDoS Protection.
  • Instead of relying solely on traditional fingerprint matching or other similar methods, the NSFOCUS ADS conducts behavior anomaly detection and filtering by virtue of an embedded “intelligent multi-layer identification and cleaning matrix” which consolidates the mechanisms of anti-spoofing, protocol stack behavior analysis, specificapplication protection, user behavior analysis, dynamic fingerprint identification, bandwidth control and so forth. 

  • Flexible deployments.
  • NSFOCUS DDoS protection products support multiple deployment modes, including in-line, in-line cluster, out-of-path and out-of-path cluster. In out-of-path deployment, the products support multiple protocols for traffic diversion and re-injection, catering to various deployment demands in complicated network environments.   

  • Volumetric DDoS protection.
  • Depending on deployment design, the ADS defense system can mitigate volumetric DDoS attacks ranging from several to hundreds of Gbps.

  • Complete Anti-DDoS solution.
  • Providing complete anomaly traffic detection, attack defense, device management, report generation and value-added operation.

  • Extensive product models.
  • NSFOCUS address both “all-in-one” (attack detection, defense and monitoring management) products to small to medium businesses (SMBs) with speedy deployment, all the way up to integrated DDoS protection solutions for carriers, IDCs, and large enterprise to fight against high-volume and the most sophisticated of DDoS attacks.