DDoS protection
Protecting your services against DDoS attacks is comparable to essential insurance, because the question is not if, but rather when, you will be the victim of a DDoS attack. With zero-loss, we combine several proprietary technologies with powerful network hardware from leading manufacturers in order to be able to meet every customer requirement, from protecting individual servers and applications to entire networks and data centers.
After a decade of successful DDoS defense, we know:
Criminal prosecution of DDoS attacks is only possible in rare cases — and even in these cases, it is of absolutely no use to immediately correct the disruption of your services. Only DDoS protection provided by experienced experts, which can be individually adjusted to harmful and legitimate data traffic, helps against DDoS attacks.
Effective DDoS Protection: Our Clear Objective
While for many providers, DDoS protection is more of an emergency solution to protect their own network and blocks all web traffic in the event of an attack on port 80/443, our claim is clear, in particular, to make the attacked target application reachable by filtering out almost 100% of the harmful traffic before it reaches your application. To do this, we rely entirely on our own IP backbone and filter network, so that we never act as a reseller or are otherwise dependent on suppliers.
Figures, data and facts
Why dataforest
- Support always Mon-Sat from 9 to 0 a.m.
- free 24/7 emergency hotline
Your server: always protected
24/7 support
Zero-downtime principle
More than just a service level agreement
DDoS protection products
We can adapt any component to your request, simply ask us for the desired configuration.
Permanent mitigation
For many applications, we offer tailor-made protection measures in which traffic to a specific IP is permanently routed via our granular DDoS protection infrastructure. On request, we can create further permanent mitigations and do this in practice also for individual customers/servers. With permanent mitigation, even complex attacks are filtered without delay and so-called “bypasses” are largely ruled out.
TeamSpeak
GTA
web server (HTTP, HTTPS)
Hurtworld
Counter-Strike (all versions)
Half-Life (all versions and mods)
MuOnline
SCP: Secret Laboratory
Alt:v
minecraft
Arma
OpenVPN
WireGuard
RDP (remote desktop)
Mumble
DayZ
DDnet
Rage:MP
MTA: SA
Conan Exiles
ARK
Unreal Tournament 99
Valheim
Sons of the Forest
Your own mitigation template
Particularly interesting for customers who purchase IP transit or colocation from us using their own IP networks. This can also be used to protect a large amount of IP (e.g. /24) either permanently or “on demand” using a filter template specifically tailored to your traffic profile. Our technicians first carry out an analysis of your clean and bath traffic; after a short fine adjustment, the protection usually no longer requires manual intervention by our technicians.
Basic protection
All products running within our infrastructure have basic protection against DDoS attacks. This automatically filters common attack patterns at no additional cost — regardless of the intensity and duration of the attack. Volumetric attacks are already severely limited/pre-filtered at our network borders.
Implementation options
Layer 2 transport
We announce your IP networks via our network (AS58212) and forward the cleaned traffic directly to one of our Points of Presence (POPs). When it comes to connectivity, we are extremely flexible and can provide bandwidths of 10, 40, 100 and even 400G per port.
GRE Tunnel
Similar to layer 2 transport, but without a physical connection. We use a GRE tunnel that can easily handle high bandwidths on our Juniper MX routers. Recommended when a physical connection is not possible.
Dynamic BGP protection
We place a software appliance on your network that detects attacks and routes your subnet across our infrastructure as needed to block the attack. This only happens in the event of an attack, otherwise your network remains autonomous. Clean data traffic is transferred either via layer 2 or GRE.
Ready to protect your network?
Tailored IT solutions. Since 2009.
DDoS Protection: A Success Story
Learn about our journey and developments in DDoS protection technology, which have made us leading experts in the industry.
2011
First DDoS attacks on our hosting services — and this at a time when DDoS protection is invaluable for medium-sized companies. Our passion for DDoS protection grew out of the initial need.
2015
The first vServer products with free DDoS protection, which is virtually not included anywhere at this time, are being released at a new location and are very popular on the vServer market.
2018
Our last host systems are moving to the new location — every customer now enjoys free DDoS protection regardless of the purchased product.
2024
Implementation of our new DDoS protection under the project name zero-loss, which allows us to eliminate final dependencies on individual market players and create an independent, redundant solution that offers maximum reliability and scalability.
Everything you need to know about DDoS protection
Here you can find answers to frequently asked questions
A distributed denial of service (DDoS) attack is a malicious way to cripple a website or online service by overloading it with a massive amount of requests or traffic. Attackers use a network of compromised computers and devices known as a botnet to send requests at the same time. This flooding causes the target's servers, networks, or applications to become overloaded and either respond extremely slowly or completely fail. The goal of a DDoS attack is to affect the availability and performance of affected services, resulting in downtime and disruption for users.
DDoS attacks fall into several major categories. Volume-based attacks flood networks with massive traffic to deplete bandwidth. Protocol attacks exploit vulnerabilities in network protocols to burden servers or networks. Application-based attacks target specific applications by sending complex requests to overburden them. There are also combined attacks that mix different methods to overcome the defense mechanisms and cause extensive overloads.
In contrast to many competitors, we rely on a combination of different solutions, all of which are maintained and developed within our company. What is unique about this is that potentially vulnerable traffic is constantly running through DDoS protection. Attack detection and filtering therefore takes place in real time, so that the time-to-mitigate (TTM) for normal attacks is 0 seconds and even complex attacks when individual thresholds are exceeded are filtered immediately, i.e. without delay through the necessary analysis and detection. Our technology also takes into account outbound connections made by customer servers and can thus filter attacks that standard solutions cannot or only insufficiently mitigate without so-called symmetric filtering.
All of our products are protected against DDoS attacks as standard. For customers with special requirements for individual filter rules, etc., we offer tailor-made anti-DDoS solutions. We operate our network and DDoS protection completely ourselves, so that we can adequately protect every new customer from attacks — regardless of the size, intensity and duration of the attacks.
Our fight against DDoS attacks works on multiple levels. Clearly invalid traffic, such as an amplification/reflection attack or UDP traffic on TCP ports, is already not reaching our routers, as this is filtered out by upstream infrastructure or limited to a minimum. Our routers carry out further pre-filtering measures and redirect the remaining traffic to our own scrubbing center, which carries out the granular filtering of all traffic and only allows valid traffic to pass through to the target system. The scrubbing systems also automatically create filter rules (BGP Flowspec), which are used by routers and carriers for further pre-filtering.
