General information about DDoS protection

Last update: June 04 2025

A DDoS attack is a distributed denial-of-service attack. Sends a large number of requests to the attacked service in order to reduce its performance or disable it completely.

All Selectel products are by default protected against Selectel DDoS attacks. Protection is provided at the network and transport (L3, L4) layers. Incoming traffic is analyzed, unwanted traffic flows from the external network are blocked.

For additional protection of the service, you can select other types of protection (DDoS Guard L3-L4 protection, analyzing incoming and outgoing traffic, as well as L7 protection). The type of protection is determined by the DDoS attacks from which the service should be protected.

All presented DDoS protection services can be activated only for IP addresses that are used in Selectel infrastructure.

Types of protection

Protection should be selected depending on the network layer targeted by the attack — network and transport layer (L3, L4), application layer (L7). Learn more about the types of DDoS attacks at different levels and how to protect against them in the Selectel blog article How to protect your server from DDoS attacks.

	Network and transport layer protection (L3, L4)		Protection at the site, application level (L7)	Protecting a web application from targeted attacks (L7)
The object of the attack	Band exhaustion, network infrastructure disruption	Exploiting weaknesses in the network protocols on which the Internet is based (the TCP/IP stack, which is responsible for transmitting and routing packets on the Internet)	Attacking websites and applications (identifying illegitimate requests to applications)	Targeted attacks on web applications (extracting information from database, disk, injecting malicious code)
Reflection method	Analyzing L3, L4 traffic headers, identifying problems on network equipment	Behavior analysis of TCP/IP clients (applications interacting with the server) and data packets that are transmitted over the network, filtering based on behavioral analysis	Analyze and clean traffic at the level of application protocols HTTP/HTTPS, DNS, etc., taking into account the specifics of the application.	Traffic analysis and filtering using continuously learning ML algorithms, as well as signature, behavioral and reputation analysis methods

Select protection

	Selectel Protection (enabled by default)	DDoS Guard L3-L4	DDoS Guard site protection and acceleration	Curator's defense	WAF Curator
Network layer protection (L3, L4)	✓ (incoming traffic only)	✓	✓	✓	✗
Protection at the site, application level (L7)	✗	✗	✓	✓	✗
Protecting a web application from targeted attacks (L7)	✗	✗	✗	✗	✓