DDoS Protection
DDoS mitigation has 2 modes:
- Permanent: traffic towards these IPs is always filtered. This mode is good for services that are very sensitive to an abrupt load of traffic. Some traffic can be rate-limited.
- Sensor: the protection is inactive* until an attack is detected and mitigation starts. DDoS attacks are usually detected within 1-8 seconds.
Inactive*: some filters are also active in Sensor mode.
Protocol | Destination Port(s) | Filter type | Active on Sensor |
TCP | 1025 - 65535 | Generic TCP multi-purpose filtering | Partially, no rate-limits |
UDP | 53 | DNS specific filtering | No |
UDP | On Request | SA-MP filtering | No |
UDP | 9000 - 10500 | TeamSpeak3 filtering | Yes |
UDP | 2300 - 2899 | ARMA3 & DayZ filtering | No |
UDP | On Request | OpenVPN UDP filtering (BETA) | No |
UDP | On Request | Hurtworld filtering | No |
UDP | On Request | Multi Theft Auto filtering | No |
UDP | 27000 - 29000 | Counter-Strike Source, Counter-Strike 1.6, Counter-Strike Global Offensive (GO) filtering, ARK: Survival Evolved, Valheim, Space Engineers, 7 Days to Die | No |
UDP | 27032 - 27079 | Garry's Mod filtering | No |
UDP | 28000 - 28009 | DDNet filtering (BETA) | Yes |
UDP | 28010 - 28020 | Rust filtering | Yes |
UDP, TCP | 30100 - 30200 | FiveM filtering | Yes |
UDP | 7785 - 7790 | SCP: Secret Laboratory | Yes |
UDP | 63000 - 65000 | Mumble filtering | No |
ICMP
Echo-Reply packets are blocked in both modes; we keep them disabled for security reasons. On request, they can be enabled, but only together with a rate-limit system. We do not recommend the use of ICMP packets if you need a safe way to check the latency and/or the status of your service(s).
DNS
Incoming DNS replies are restricted to 1.1.1.1, 8.8.4.4, 8.8.8.8 and our recursive DNS caching servers 45.141.57.6 and 45.141.57.8. Traffic from other DNS resolvers can be allowed on request.
NTP
Incoming NTP replies are restricted to 162.159.200.123 and 162.159.200.1 (time.cloudflare.com).
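
Because replies from resolvers and time servers outside the DNS and NTP lists above are filtered, a protected host should only be configured to use listed servers. The following Python script is an added example (not the provider's own tooling) that audits resolv.conf and chrony/ntp.conf text against those lists; the function names and sample configs are constructed for illustration, and loopback entries and hostnames are reported for manual follow-up rather than resolved.

```python
import ipaddress

# Allow-lists copied from the DNS and NTP sections of this page.
ALLOWED_DNS = {"1.1.1.1", "8.8.4.4", "8.8.8.8", "45.141.57.6", "45.141.57.8"}
ALLOWED_NTP = {"162.159.200.123", "162.159.200.1"}
NTP_HOSTNAME = "time.cloudflare.com"  # name the page gives for the NTP addresses

# Constructed sample configs (not from the page).
SAMPLE_RESOLV = "nameserver 127.0.0.53\nnameserver 1.1.1.1\nnameserver 9.9.9.9\n"
SAMPLE_CHRONY = ("pool 2.debian.pool.ntp.org iburst\n"
                 "server time.cloudflare.com iburst\n"
                 "server 162.159.200.1 iburst\n"
                 "server 192.0.2.10 iburst\n")

def _classify(addr, allowed, ok_hostnames=()):
    """Return 'ok', 'local', 'unlisted' or 'hostname' for one configured server."""
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    except ValueError:
        # Not an IP literal: only names the page itself lists count as ok.
        return "ok" if addr.lower().rstrip(".") in ok_hostnames else "hostname"
    if ip.is_loopback:
        return "local"  # local stub/daemon: its upstream servers must be checked
    # 'unlisted' means replies are filtered unless allowed on request.
    return "ok" if str(ip) in allowed else "unlisted"

def _audit(text, keywords, allowed, ok_hostnames=()):
    """Classify the second field of every config line starting with a keyword."""
    result = {}
    for line in text.splitlines():
        fields = line.split("#")[0].split()  # strip trailing '#' comments
        if len(fields) >= 2 and fields[0] in keywords:
            result[fields[1]] = _classify(fields[1], allowed, ok_hostnames)
    return result

def audit_resolv_conf(text):
    """Check 'nameserver' entries against the DNS reply allow-list."""
    return _audit(text, ("nameserver",), ALLOWED_DNS)

def audit_ntp_conf(text):
    """Check 'server', 'pool' and 'peer' entries against the NTP reply allow-list."""
    return _audit(text, ("server", "pool", "peer"), ALLOWED_NTP, (NTP_HOSTNAME,))

if __name__ == "__main__":
    for name, status in {**audit_resolv_conf(SAMPLE_RESOLV),
                         **audit_ntp_conf(SAMPLE_CHRONY)}.items():
        print(f"{status:9} {name}")
```

On a real host, pass the contents of /etc/resolv.conf and the NTP client's config file to the two audit functions; any `unlisted` entry needs to be replaced or allowed on request.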