Protection Against DDoS Attacks
With the arrival of IoT and the spread of smart home appliances, new waves of distributed denial of service (DDoS) attacks heavily affect many websites. Not only banks, organizations, and online shops, but even small personal websites now face these attacks frequently.
ArvanCloud can easily and simply help you defend your website and services against DDoS attacks without any need for you to change your host, your network architecture, or your code.
ArvanCloud uses an advanced anycast architecture and its GSLB technology to fend off all kinds of attacks, whether UDP, TCP, layer 3 or layer 4 ICMP, layer 7, or DNS server attacks.

Layer 3 and Layer 4 Attacks
Network layer attacks are the most common kind of DDoS attacks on the Internet. Every quarter, various vulnerabilities are found which give rise to millions of bots. This makes the statistics on attack types vary from time to time, but it can be safely said that 90% of all attacks are network layer attacks.

SYN Flood
The SYN flood attack method has its roots in the structure of the TCP protocol. Establishing a stable connection through the TCP protocol consists of three parts.
In this type of attack, the attacker generates a large number of TCP/SYN packets with a forged sender address and sends them to the victim. The victim machine handles each of these packets like a connection request and tries to establish a connection by sending back a SYN-ACK packet; but since the senders’ addresses are fake, the connections remain half-open, waiting for a response that never comes. Very soon the system reaches its maximum allowed number of connections and all or most of the system resources are engaged with these fake connections, denying service to normal users.
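The half-open connections described above are visible on a Linux server as sockets in the SYN_RECV state. The following is an added example, not ArvanCloud's code: it counts half-open entries per listening port in a table laid out like /proc/net/tcp and flags ports where they outnumber completed handshakes. The sample table is constructed, and the thresholds `min_half_open` and `ratio` are assumptions chosen for illustration.

```python
import socket
import struct

ESTABLISHED, SYN_RECV = 0x01, 0x03  # Linux TCP state codes; 03 = half-open

# Constructed sample in /proc/net/tcp layout (documentation-range addresses).
SAMPLE = """\
  sl  local_address rem_address   st
   0: 0A00000A:01BB 00000000:0000 0A
   1: 0A00000A:01BB 050200C0:C350 01
   2: 0A00000A:01BB 076433C6:9C41 03
   3: 0A00000A:01BB 086433C6:1F90 03
   4: 0A00000A:01BB 097100CB:D431 03
   5: 0A00000A:01BB 0A7100CB:0400 03
   6: 0A00000A:01BB 0B0200C0:2710 03
   7: 0A00000A:0016 0C0200C0:E000 01
   8: 0A00000A:0016 0D0200C0:E001 03
"""


def decode(addr):
    """'0100007F:0050' -> ('127.0.0.1', 80), as printed on little-endian hosts."""
    ip_hex, port_hex = addr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)


def half_open_by_port(table):
    """Per local port: half-open count, established count, distinct SYN sources."""
    stats = {}
    for line in table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        port = decode(fields[1])[1]
        entry = stats.setdefault(port, {"half_open": 0, "established": 0, "sources": set()})
        state = int(fields[3], 16)
        if state == SYN_RECV:
            entry["half_open"] += 1
            entry["sources"].add(decode(fields[2])[0])
        elif state == ESTABLISHED:
            entry["established"] += 1
    return stats


def suspected_syn_flood(table, min_half_open=4, ratio=2.0):
    """Ports whose half-open count is high and dwarfs completed handshakes."""
    return sorted(
        port for port, s in half_open_by_port(table).items()
        if s["half_open"] >= min_half_open
        and s["half_open"] >= ratio * max(s["established"], 1)
    )
```

Because the sender addresses are forged, the distinct-source count for a flagged port tends to track the half-open count, which is why per-source blocking alone does little against this attack.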

UDP Flood Attack
In this method, the attacker sends a large number of UDP packets to several random ports. For each port, the operating system first looks for an application listening on it; when the OS fails to find one and has made sure that no service on the system is listening on that port, it sends back ICMP Destination Unreachable packets in response. This process heavily engages system resources, making the system unreachable for users.

Reflected Attacks and Amplification Attacks
In a reflected attack, the attacker generates a large number of forged packets with the victim’s IP address as the sender, and sends them to a large pool of servers and computers. All these systems then reply by sending packets back to the victim’s address. This takes up the victim’s bandwidth and other resources, rendering the service unresponsive.
In a more advanced model of this type of attack, known as an Amplification Attack, the hacker sends requests whose replies are much larger than the requests themselves. In the DNS Amplification method, the replies are as much as 179 times larger than the request packet, and in the NTP Amplification method they get as much as 556 times larger. For instance, a hacker can flood the victim with 556GB of data using only 1GB himself.
Since reflected and amplification techniques can enlarge an attack more than 500 times, they were once considered the most dangerous DDoS attacks. But today they make up only about 5% of all these attacks.

Layer 7 Attacks
Although application layer attacks make up only about 10% of all attacks, they are one of the most complicated kinds of DDoS. Imagine hundreds of thousands of infected devices, including home PCs, servers, and even home internet modems that had not been securely set up, simultaneously sending requests to a website.
Most countermeasures for DDoS attacks are ineffective against this type, and the attacked servers or website will go down very easily.
But with ArvanCloud, fighting this type is very simple. In ArvanCloud’s panel, there are three levels of protection available against layer 7 attacks:

General
In this case, users will not notice anything different in your website’s performance, but the bulk of robots that are unable to set cookies and use them in later connections will be kept out.

Professional
If the attacking bots turn out to be more advanced, you can enable this level for your protection. This level uses some kind of encryption method to identify and keep out even bots that simulate human behavior. When a user tries to connect to your website, for a few seconds they will see a page that attempts to verify them as humans.

Enterprise
Suppose that attacking bots were even stronger than usual. In this case, we turn to advanced verification, which shows a security code or captcha to the user and asks them to identify a set of pictures. Since the traffic for these pages and their processing happen outside of your servers, this method stands among the most effective measures against layer 7 DDoS attacks.
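The idea behind the General level, keeping out clients that cannot store a cookie and send it back, can be sketched as follows. This is an added example and not ArvanCloud's implementation: the cookie name `edge_chk`, the secret, the lifetime, and the choice to bind the token to the client address are all assumptions.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # assumption: random per-deployment key
COOKIE = "edge_chk"                  # hypothetical cookie name
TTL = 300                            # seconds a passed check stays valid


def _mac(client_ip, issued):
    msg = f"{client_ip}|{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_cookie(client_ip, now):
    """Token bound to the client address and issue time: '<ts>.<hmac>'."""
    issued = int(now)
    return f"{issued}.{_mac(client_ip, issued)}"


def cookie_valid(value, client_ip, now):
    try:
        ts, mac = value.split(".", 1)
        issued = int(ts)
    except (AttributeError, ValueError):
        return False
    fresh = 0 <= now - issued <= TTL
    return fresh and hmac.compare_digest(mac.encode(), _mac(client_ip, issued).encode())


def handle(request, now=None):
    """Edge decision for one request: (status, cookie_to_set).

    200 = forward to origin; 307 = redirect to the same URL with Set-Cookie,
    which only a client that stores and resends cookies will get past.
    """
    now = time.time() if now is None else now
    value = request.get("cookies", {}).get(COOKIE)
    if value is not None and cookie_valid(value, request["ip"], now):
        return 200, None
    return 307, issue_cookie(request["ip"], now)
```

A browser follows the redirect with the cookie attached and reaches the origin on its second request, while a client that discards cookies is answered at the edge every time and never consumes origin resources.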

Obsolete Attacks
Sometimes names such as Smurf, Nuke, Teardrop, Ping of Death, etc. are mentioned as DDoS attack methods. These types of attacks are mostly obsolete or have been rendered ineffective; they are mostly used against older devices and infrastructure and are easily neutralized in modern structures. ArvanCloud scans for these types as well, and has put efficient countermeasures in place.
ArvanCloud doesn't require you to buy hardware, change any code or change your host provider. Simply move your nameservers to ArvanCloud and set up your domain with a few clicks.
  • Includes Unlimited Bandwidth Traffic Per Month
  • $0.00 Per GB Overage
  • IP Anycast Architecture
  • 99.9% Uptime
  • Easy DNS Management
  • Unlimited Requests
  • Ticket Support
  • Includes 15 Gigabyte Bandwidth Traffic Per Month
  • $0.07 Per GB Overage
  • Simple DDoS Protection
  • CDN
  • Compression and Optimization
  • Logging and Monitoring
  • Includes 1500 Gigabyte Bandwidth Traffic Per Month
  • $0.06 Per GB Overage
  • DDoS Protection (L3/4, L7)
  • Web Application Firewall (WAF)
  • Cluster Management
  • Socket and Request Management
  • Includes Unlimited Bandwidth Traffic Per Month
  • Stepped Pricing
  • Advanced DDoS Protection
  • Advanced LoadBalancing Structure
  • Error Customization
  • Detailed Logging and Monitoring
  • Includes 90 Gigabyte Bandwidth Traffic Per Month
  • Includes 9 Gigabyte Cloud Storage
  • 6,990 IRR Per Additional One Gigabyte Traffic
  • Based on CDN Architecture
  • Custom Audio and Video Bitrate
  • Watermark
  • Includes 900 Gigabyte Bandwidth Traffic Per Month
  • Includes 90 Gigabyte Cloud Storage
  • 4,990 IRR Per Additional One Gigabyte Traffic
  • API
  • Adaptive Bitrate Streaming
  • HLS and DASH Support
  • Includes 9000 Gigabyte Bandwidth Traffic Per Month
  • Includes 900 Gigabyte Cloud Storage
  • 2,990 IRR Per Additional One Gigabyte Traffic
  • Live Streaming
  • DRM
  • Content Encryption
  • Includes 90000 Gigabyte Bandwidth Traffic Per Month
  • Includes 9000 Gigabyte Cloud Storage
  • 990 IRR Per Additional One Gigabyte Traffic
  • Ads Support
  • Private Domain Name
  • RTMP and RTSP Support
  • Includes All Pro Features