DDos Attack Protection

DDoS attacks on online resources are intended to impede access, thereby suspending activity

DDoS attacks have become more complicated over time and their effects have become more devastating. The amount of data that can be transferred by a DDoS attack has increased markedly from only 3.5 Gbps in 2005, to 80 Gbps today; providing capabilities to impact national networks.

DDS’s comprehensive solution combines specialist hardware and software, industry expertise and dedicated channels to counter attacks. Client traffic is passed through a purifying network of filters, thereby ensuring that client resources are continually protected, irrespective of any attempted attack.


In response to client requests, DSS has been successful at suppressing DDoS attacks, saving clients’ money and avoiding the need for shutdowns. DSS then conducts investigations, providing clients with valuable information which could be used to bring the perpetrators to justice. Moreover, DSS is able to provide expert advice to help ensure that similar attacks are avoided in future.


DSS will respond to contain an attack even if the client does not have a pre-existing subscription for DSS’s support services. With points of presence located throughout the world, DSS is able to respond to attacks in a timely manner and nullify them at source. By making use of both domestic and international filtering systems, DSS is able to achieve the following:

  • Nullify “parasitic” traffic, the volume of which threatens the main channels of the leading providers
  • Drive down service costs for clients exceeding even the 27 Gbps threshold during an attack There are two approaches that can be taken to traffic routing and these can be amended in order to satisfy the needs of the client.

DNS forwarding (proxy)

Clients are issued with an IP address in a protected network. It is then possible to route the client’s traffic via DSS network infrastructure by making changes to the DNS. The traffic is filtered to remove any malicious content before being returned to the client’s network. This is a relatively simple method and also the fastest approach available.

DNS forwarding with subsequent GRE tunneling (to protect HTTPS traffic)

This can be deployed for resources using the HTTPS protocol. Unlike the previous method, this approach routes traffic via the GRE protocol between the DSS network infrastructure and the client’s servers. This protection service is activated using a three-step process that typically takes less than two hours to complete. Traffic can then begin being purified within thirty minutes.

Contact Dss to find out how to activate this service.

Costs charged to clients are based on the volume of legitimate traffic generated, excluding any attack traffic. The service will be activated upon receipt of a scanned letter of payment guarantee.

After that, an IP address is issued and the client must then change the A-record of the DNS zone in the hosting configurations. Once this has been done, it takes only four hours before all traffic begins being routed via the DSS distribution network for purification.

Containing a DDoS attack can take between one and twenty four hours to achieve. The length of time required depends on both the volume and the willingness of the client to speedily amend equipment configurations.

Existing alternatives (traditional methods)

Hardware solutions have traditionally been used to offer protection against DDoS attacks but these solutions are relatively expensive and only offer protection against approximately eighty variations of standard DDoS attacks carried out by basic botnets. Hardware solutions offer no protection against “smart” cyber attacks which by-pass the algorithms of the protection system.

Find out more about what we do

The company is currently developing a system to combat international cyber crime, which will equip the law enforcement authorities in any jurisdiction to effectively tackle the problem of computer-based malfeasance. Crucially, the technology assists at the most problematic stages of the criminal investigation, including the assemblage of evidence, DDoS protection and web auditing.