Skip to main content
General information about DDoS protection
Last update:

General information about DDoS protection

A DDoS attack is a distributed denial-of-service attack. Sends a large number of requests to the attacked service in order to reduce its performance or disable it completely.

All Selectel products are by default protected against Selectel DDoS attacks. Protection is provided at the network and transport (L3, L4) layers. Incoming traffic is analyzed, unwanted traffic flows from the external network are blocked.

For additional protection of the service, you can select other types of protection (DDoS Guard L3-L4 protection, analyzing incoming and outgoing traffic, as well as L7 protection). The type of protection is determined by the DDoS attacks from which the service should be protected.

All presented DDoS protection services can be activated only for IP addresses that are used in Selectel infrastructure.

Types of protection

Protection should be selected depending on the network layer targeted by the attack — network and transport layer (L3, L4), application layer (L7). Learn more about the types of DDoS attacks at different levels and how to protect against them in the Selectel blog article How to protect your server from DDoS attacks.

Network and transport layer protection (L3, L4)Protection at the site, application level (L7)Protecting a web application from targeted attacks (L7)
The object of the attackBand exhaustion, network infrastructure disruptionExploiting weaknesses in the network protocols on which the Internet is based (the TCP/IP stack, which is responsible for transmitting and routing packets on the Internet)Attacking websites and applications (identifying illegitimate requests to applications) Targeted attacks on web applications (extracting information from database, disk, injecting malicious code)
Reflection methodAnalyzing L3, L4 traffic headers, identifying problems on network equipmentBehavior analysis of TCP/IP clients (applications interacting with the server) and data packets that are transmitted over the network, filtering based on behavioral analysisAnalyze and clean traffic at the level of application protocols HTTP/HTTPS, DNS, etc., taking into account the specifics of the application.Traffic analysis and filtering using continuously learning ML algorithms, as well as signature, behavioral and reputation analysis methods

Select protection

Selectel Protection
(enabled by default)		DDoS Guard L3-L4DDoS Guard site protection and accelerationCurator's defenseWAF Curator
Network layer protection (L3, L4)✓ (incoming traffic only)
Protection at the site, application level (L7)
Protecting a web application from targeted attacks (L7)