About HostVPS » DoS / DDoS protection

We protect our customers with advanced mechanisms against DoS/DDoS for FREE.

DoS attack

DoS: denial-of-service attack

Basically it is when a server or machine sends a large number of requests to another server in order to disable their ability to display websites, use of mails or other service. This type of detection / mitigation is constant. Security systems, hosted in our data center, are responsible 24x7 mitigating such attacks, not only incoming, but also outgoing. Our network does not emit attacks to the outside, since the anti DoS / DDoS system stops it before it goes to the Internet.

DDoS attack

DDoS: Distributed Denial of Service attack

The purpose is the same as the DoS attacks, but in this case, it is not a PC or server that attacks another but many who carry out the attacks against a single server in order to take it down or explode stress vulnerabilities. Typically, this type of attack is sent by volume (many Mbps) or by packets (many packets per second) and, in this way, it is possible to saturate the victim trying to attend more packets than the CPU supports or, in case If by volume, the high amount of data causes the network to saturate and affect the server. This type of detection is more complex but at the same time more effective for attackers. HostVPS has two detection systems and three alert levels that continuously analyze incoming packets in the network using several fingerprint pattern recognition systems.

How does our anti DoS/DDoS technology work?

We protect our dedicated servers and VPS with one of the most advanced anti DoS / DDoS systems to increase the protection of our customers. Our system not only mitigates with DoS attacks, but also large volume DDoS attacks from different sources.


First alert (10 seconds)

Our systems has an appreciation for traces of the attack and send orders to our routers mitigation, informing them of the situation of the attack, to make changes dynamically in our configurations in order to mitigate it. Our system report directly to the Cisco core routers and performs blocking tasks at source level, until the DDoS mitigation systems have sufficient information to generate the traces of the attack and, dynamically and thanks to advanced algorithms, decide which action is to be taken.

Second alert (20 seconds)

Our systems observe if the attack is being mitigated by our routers in origin. If not, other, more restrictive policies are applied, always blocking sources, never the customer. In parallel, new policies are applied and resources are dynamically increased. All these actions are carried out completely within our network. All external traffic is treated by our external detection and mitigation systems.

Third warning (30 seconds)

It is observed if the attack is being mitigated optimally. If so, continue with current mitigation systems. In other case, the traffic is diverted to a large flow ring to be mitigated. We only divert international traffic, thus avoiding affecting latencies. If the DDoS attack is of great magnitude, it diverts both international and domestic traffic, offering complete mitigation. The maximum flow of the mitigation ring is between 900Gbps and 1200Gbps

DDoS pattern and mitigation

A pattern footprint is obtained and applied to all incoming traffic. Various footprints and patterns can be applied to make mitigation more effective.