DDoS protection
Protecting your services against DDoS attacks is comparable to essential insurance, because the question is not if, but rather when, you will be the victim of a DDoS attack. With zero-loss, we combine several proprietary technologies with powerful network hardware from leading manufacturers in order to be able to meet every customer requirement, from protecting individual servers and applications to entire networks and data centers.
After a decade of successful DDoS defense, we know:
Criminal prosecution of DDoS attacks is only possible in rare cases — and even in these cases, it is of absolutely no use to immediately correct the disruption of your services. Only DDoS protection provided by experienced experts, which can be individually adjusted to harmful and legitimate data traffic, helps against DDoS attacks.
Effective DDoS Protection: Our Clear Objective
While many providers treat DDoS protection primarily as a fallback measure to protect their own network, often blocking legitimate traffic as well during an attack, our approach is clear: the attacked target application should remain reachable. That is why we filter out malicious traffic almost entirely before it ever reaches your application. To achieve this, we rely exclusively on our own IP backbone and filtering infrastructure, ensuring that we never act as a reseller or depend on third-party suppliers at any point.
Get in touch with an expert
Figures, data and facts
Why dataforest
Your server: always protected
Regular backups and free protection against DDoS attacks are just a few of our security measures for you.
24/7 support
Our team of experts is available 24/7 in case of an emergency.
Zero-downtime principle
The "zero-downtime principle" describes that maintenance work affecting the core of our infrastructure is planned and carried out in such a way that there is no failure.
More than just a service level agreement
We are happy to conclude a service level agreement (SLA) with you. But you can expect so much expertise and quality from us that you won't even need it.
DDoS protection products
We can adapt any component to your request, simply ask us for the desired configuration.
Basic Protection
All products operated within our infrastructure include Basic Protection against DDoS attacks. It automatically filters common attack patterns at no additional cost, regardless of the intensity or duration of the attack. Volumetric attacks are already heavily rate-limited or pre-filtered at our network edge.
Contact us nowImplementation options
Layer 2 transport
We announce your IP networks via our network (AS58212) and forward the cleaned traffic directly to one of our Points of Presence (POPs). When it comes to connectivity, we are extremely flexible and can provide bandwidths of 10, 40, 100 and even 400G per port.
GRE Tunnel
Similar to layer 2 transport, but without a physical connection. We use a GRE tunnel that can easily handle high bandwidths on our Juniper MX routers. Recommended when a physical connection is not possible.
Dynamic BGP protection
We place a software appliance on your network that detects attacks and routes your subnet across our infrastructure as needed to block the attack. This only happens in the event of an attack, otherwise your network remains autonomous. Clean data traffic is transferred either via layer 2 or GRE.
How our DDoS protection works
Unlike many competitors, we rely on a DDoS protection architecture that we have consistently optimized for operational use based on our own expertise. Potentially at-risk traffic is permanently routed through the DDoS protection layer. The key advantage is that mitigation mechanisms do not need to be provisioned or activated only when an attack occurs; instead, they are already present in the data path. As soon as defined thresholds are reached, filtering is applied automatically and without any additional upstream analysis or switchover delay. Outbound connections initiated by customer servers are also taken into account, allowing even those attacks to be effectively mitigated that conventional market solutions without symmetric filtering cannot detect at all or can only detect inadequately.
Our defense against DDoS attacks works on multiple levels. Clearly invalid traffic—for example amplification/reflection attacks or UDP traffic to TCP ports—never reaches our routers, because upstream infrastructure filters it out or limits it to a minimum. Our routers apply further pre-filtering and steer remaining traffic to our own scrubbing center, which performs granular filtering of all traffic and only forwards legitimate traffic to the target. The scrubbing systems also generate automated filter rules (BGP Flowspec) used by routers and carriers for additional pre-filtering.
Our protection automatically recognizes known services on a protected IP through service scanning. Based on the detected protocol or application, the appropriate filter profiles and thresholds are applied without you having to assign them manually. Protection stays aligned with the services you actually run and adapts when the service mix on that IP changes.
Against an additional fee, you can configure your DDoS protection to suit your needs with our DDoS Manager. You can adjust the filter profiles and thresholds tailored to your applications. Additionally, you can enable or disable DDoS protection.
Protection for your own IP prefixes and AS numbers (BYOIP/BYOAS) via BGP can also be provided. In this case, the DDoS Manager is required, as filtering profiles and thresholds must be individually aligned with your infrastructure. In addition to the surcharge for the DDoS Manager, separate BGP connectivity charges will apply.
How our DDoS protection works
Our DDoS protection architecture combines multi-layered filtering mechanisms, automated service detection through service scanning, and our many years of expertise into a comprehensive protection concept.
Get in touch with an expertDDoS Protection: A Success Story
Learn about our journey and developments in DDoS protection technology, which have made us leading experts in the industry.
First DDoS attacks on our hosting services — and this at a time when DDoS protection is invaluable for medium-sized companies. Our passion for DDoS protection grew out of the initial need.
The first vServer products with free DDoS protection, which is virtually not included anywhere at this time, are being released at a new location and are very popular on the vServer market.
Our last host systems are moving to the new location — every customer now enjoys free DDoS protection regardless of the purchased product.
Implementation of our new DDoS protection under the project name zero-loss, which allows us to eliminate final dependencies on individual market players and create an independent, redundant solution that offers maximum reliability and scalability.
Everything you need to know about DDoS protection
Here you can find answers to frequently asked questions
A distributed denial of service (DDoS) attack is a malicious way to cripple a website or online service by overloading it with a massive amount of requests or traffic. Attackers use a network of compromised computers and devices known as a botnet to send requests at the same time. This flooding causes the target's servers, networks, or applications to become overloaded and either respond extremely slowly or completely fail. The goal of a DDoS attack is to affect the availability and performance of affected services, resulting in downtime and disruption for users.
DDoS attacks fall into several major categories. Volume-based attacks flood networks with massive traffic to deplete bandwidth. Protocol attacks exploit vulnerabilities in network protocols to burden servers or networks. Application-based attacks target specific applications by sending complex requests to overburden them. There are also combined attacks that mix different methods to overcome the defense mechanisms and cause extensive overloads.
All of our products are protected against DDoS attacks as standard. For customers with special requirements for individual filter rules, etc., we offer tailor-made anti-DDoS solutions. We operate our network and DDoS protection completely ourselves, so that we can adequately protect every new customer from attacks — regardless of the size, intensity and duration of the attacks.
Even more dataforest highlights
IT consulting
Are you planning a comprehensive IT project and need professional support? Regardless of whether you want to set up a web hosting infrastructure yourself or want to modernize your corporate network — we feel at home in complex network and system landscapes.
Financing & rental purchase
Protect your liquidity with our attractive financing models. If you want to store your hardware at one of our data center locations, we would be happy to offer you financing for your own hardware.
