DDoS Protection

DDoS attacks harm your applications. Not with us! With Aurologic GmbH (formerly Combahton GmbH) DDoS Protection, your applications are shielded against DDoS attacks.

Aurologic DDoS Protection

Through the use of various detection software and pre-filters, effective protection of our infrastructure against DDoS attacks is ensured. Automatic identification of "Bad Traffic" is performed, which can be classified and filtered up to a bandwidth of 800Gbps. If an attack is detected, the targeted server remains online and accessible, allowing it to be used as usual. Non-relevant ports are blocked for the duration of the attack to directly prevent attacks on them.

Layer 3/4 DDoS Protection

We understand DDoS attacks at the network level, particularly floods on OSI Layer 3 and Layer 4, including UDP Reflection, TCP, ICMP, and UDP Floods. Furthermore, they also encompass attacks on other IP protocols such as GRE or IPSec. We have granular protection mechanisms for filtering UDP floods, which can particularly affect game servers. Network-level DDoS filtering is performed by Aurologic's self-developed flowShield DDoS appliance based on the netmap framework. We are proud to offer our customers a powerful DDoS protection solution based on the latest technology, ensuring reliable and effective filtering of DDoS attacks.

What happens during an attack

  • ICMP / IGMP (including PING) is discarded.
  • UDP Source Ports 19, 69, 111, 123, 137, 161, 389, 520, 1434, 1900, 9987, 11211 are limited (10Mbps).
  • TCP / UDP fragments (packets larger than 1500 bytes) are discarded.
  • UDP Destination Ports 9000 to 9999 are strictly filtered against Teamspeak3 packets.
  • UDP Destination Ports 27000 to 29000 are strictly filtered against Source Engine packets.
  • UDP Destination Port 53 is strictly filtered against DNS packets and enforces TCP Truncation.
  • With active HTTP Layer7 Mitigation, all TCP traffic on Ports 80 and 443 is routed through a reverse proxy.
  • When active HTTP Layer7 mitigation, Cloudflare must be deactivated to avoid a loop in DNS resolution.
  • All other traffic (except TCP/UDP) will be blocked.

All other traffic (TCP/UDP) will be strictly validated:

  • TCP connections are only possible if a TCP SYN or SYN-ACK packet has been sent and accepted beforehand. The filters behave like an asynchronous stateful firewall for server applications. Establishing an initial connection (SYN or SYN-ACK) might take significantly longer or be initially interrupted, causing web pages to load slower.
  • UDP connections are only possible if they are initiated by a "valid client." Spoofing is prevented by intelligent comparison of all connection parameters.
DDoS Schutz

Layer 7 DDoS Protection

We employ a specific filtering technique to counter DDoS attacks at the application layer, particularly for HTTP. Our proprietary solution distinguishes genuine clients from DDoS bots through challenge-response mechanisms. Filtering is transparent and does not interfere with the DNS records of affected domains. SSL termination is performed on Aurologic's protection infrastructure, ensuring secure and reliable filtering of DDoS attacks. Our customers can add SSL certificates via API and the client area for seamless integration with Aurologic's DDoS protection infrastructure. We take pride in offering our customers a comprehensive and effective Layer 7 DDoS protection solution through Aurologic.

Game Filter

DDoS Schutz
  • 2300-2400: DayZ and Arma 3, as well as Arma 3 Query
  • 5761-5794: Atlas
  • 7000-8999: Generic Games
  • 9000-9999: Teamspeak3
  • 12800-13100: Hurtworld
  • 19132: Minecraft Pocket Edition
  • 22000-22020: Rage-MP / MTA
  • 22126: Rage-MP / MTA
  • 23000-23200: Battlefield
  • 27000-28000: All Source Engine / Query games like Counter Strike 1.6, Counter Strike Source, Counter Strike GO, The Ship, Garrys Mod, Nuclear Dawn, Call of Duty Modern Warfare 3, Starbound, Space Engineers, 7 Days to Die, Rust, Quake Live, ARK: Survival Evolved, Valheim, Mordhau
  • 30000-32000: FiveM GTA-MP
  • 36123-36128: Stormworks

Information for other games:

  • Please use the recommended ranges. If you are missing a game, please contact our customer service. We will analyze the game in question and add specific filters.

Ready When You Are.

Your new product will be set up within 30 seconds. What are you waiting for?