General information about DDoS protection

Last update: August 25 2025

DDoS attack is a distributed denial-of-service attack.Sends a large number of requests to the attacked service in order to reduce its performance or disable it completely.

All Selectel products are by default protected against Selectel DDoS attacks.Protection is provided at the network and transport (L3, L4) layers.Incoming traffic is analyzed, flows of unwanted traffic from the external network are blocked.

For additional protection of the service you can select other types of protection (DDoS-Guard L3-L4 protection, analyzing incoming and outgoing traffic, as well as L7 protection).The type of protection is determined by the DDoS attacks from which you want to protect the service.

All presented DDoS protection services can be activated only for IP addresses that are used in Selectel infrastructure.

Types of protection

Protection should be selected depending on the level of network communication, which is targeted by attacks — network and transport layer (L3, L4), application layer (L7).Learn more about the types of DDoS attacks at different levels and ways to protect against them in the Selectel blog article How to protect your server from DDoS attacks.

	Network and transport layer protection (L3, L4)		Protection at the site, application level (L7)	Protecting a web application from targeted attacks (L7)
The object of the attack	Band exhaustion, network infrastructure disruption	Exploiting weaknesses in the network protocols on which the Internet is based (the TCP/IP stack, which is responsible for transmitting and routing packets on the Internet)	Attacking websites and applications (identifying illegitimate requests to applications)	Targeted attacks on web applications (extracting information from database, disk, injecting malicious code)
Reflection method	Analyzing L3, L4 traffic headers, identifying problems on network equipment	Behavior analysis of TCP/IP clients (applications interacting with the server) and data packets that are transmitted over the network, filtering based on behavioral analysis	Analyze and clean traffic at the level of application protocols HTTP/HTTPS, DNS, etc., taking into account the specifics of the application.	Traffic analysis and filtering using continuously learning ML algorithms, as well as signature, behavioral and reputation analysis methods

Select protection

	Selectel Protection (enabled by default)	DDoS-Guard L3-L4 protection	DDoS-Guard site protection and acceleration	Curator's defense	WAF Curator
Network layer protection (L3, L4)	✓ (incoming traffic only)	✓	✓	✓	✗
Protection at the site, application level (L7)	✗	✗	✓	✓	✗
Protecting a web application from targeted attacks (L7)	✗	✗	✗	✗	✓