DDOS IP Protection

Description

The LeaseWeb DDoS IP Protection service protects your services against volumetric,  protocol-based and in some cases against application layer DDoS attacks that target the IP addresses of LeaseWeb services, enabling these services to remain operational during such attacks. The Standard DDoS IP Protection Service is available with all LeaseWeb’s Dedicated Servers and Bare Metal Servers in shared racks and private racks, as well as with Colocation Services and Cloud services, while "Customized" and "Always-on" solutions are available for Single Tenant Private Cloud services, as well as for customers who need enhanced response times or attack protection. DDoS IP Protection services provide automatic detection and notification of DDoS attacks and mitigation of such attacks through automated traffic scrubbing and/or null-routing.



Contents

DDoS IP Protection options

LeaseWeb offers 3 DDoS IP Protection options:

Standard The Standard DDoS IP Protection is implemented as a default at no extra costs and protects IP addresses against DDoS attacks according to standard “Scrubbing Thresholds”, see  table below. In case attacks exceed the Scrubbing Threshold, the IP address is null-routed. The typical "time-to-mitigate" is 2 - 3 minutes.
Customized

The Customized DDoS IP Protection adds increased protection levels (higher Scrubbing Thresholds and more accurate detection through dedicated traffic pattern recognition), as well as protection for Single Tenant Cloud services.

Always-on The Always-on DDoS IP Protection is the preferred option for servers in private racks where faster mitigation times are required (actual time-to-mitigate is between 45 and 90 seconds). The solution contains an in-line dedicated detection and scrubbing device and avoids re-routing to shared scrubbing devices.


Application or Layer 7 attacks can be mitigated by the Customized or Always-on DDoS IP Protection services. You can discuss your specific profile requirement with one of our network security engineers.


To protect your domains against all types of Cybersecurity threats, you will need LeaseWeb Web Application Firewall (WAF) services.


Protection Option 

Scrubbing

Thresholds

Volumetric

Attack  (Gbps)

Scrubbing

Thresholds

Volumetric

Attack  (Gbps)

Scrubbing

Thresholds

Protocol based

Attacks (pps x 1000)

Scrubbing

Thresholds

Protocol based

Attacks (pps x 1000)

Application

(Layer 7) a

Attacks

DDoS

target

mitigation

time 

Security

Engineer

Support


Volume 

Network 

Premium 

Network 

Volume 

Network  

Premium 

Network 




Standard 

1Gbps 

5 Gbps 

500 

2.500 

No

2-3 min 

working hours

Customized   

30 Gbps 

>40 Gbps 

10.000 

>20.000 

Yes*

2-3 min 

24x7x365

Always-on 

n x 10Gbps 

n x 10Gbps 

n * 6.000 

n * 6.000 

Yes*

0-90 sec 

24x7x365


*Yes, done during the provisioning process while setting up your profile

In addition to these DDoS IP Protection services LeaseWeb has deployed a first line of defence against volumetric attacks by rate-limiting the well-known UDP reflection / amplification attacks, like NTP, DNS, Chargen, SSDP, Portmap, before they reach the LeaseWeb DDoS scrubbing infrastructure.

Delivery time

Standard This is included upon delivery of the protected services.
Customized This requires no hardware or physical installation tasks. Time depends on your availability to discuss profiles, and takes approximately 10 working days to complete installation
Always-on  This requires ordering, delivery and installation of equipment. It takes approximately 10 working days to deliver and install if in stock, else an alternative expected delivery date will be given by your Sales representative.

How the DDoS IP Protection services work

Incoming Internet traffic enters our network via the "Border Routers”. These Border Routers are connected to “Detectors” that are scanning incoming traffic on irregular patterns or sudden increases in volume. If the Detectors identify a DDoS attack on an IP address, they instruct the Border Routers to reroute incoming traffic to “Scrubbers”- a system that separates the legitimate “clean” traffic from the “attack” (dirty) traffic, and it passes only the clean traffic to the destination IP address. You are immediately notified about a DDoS attack. If the traffic exceeds the Scrubbing Thresholds set for an IP address, this IP address will be null-routed. Upon detection that the attack is over, you will be notified again and scrubbing or null-routing will then be automatically deactivated.

Disabling DDoS IP Protection services

To prevent adverse impact on other customer’s services and our network infrastructure we can neither disable the service nor stop scrubbing or null-routing while the IP address is under attack.

Benefits of DDoS IP Protection services

LeaseWeb’s DDoS IP Protection services keep you and your business online. Are you occasionally attacked and the attacks size is small? Our Standard service should protect you sufficiently. Are you frequently attacked by complex attacks specific to your online presence? Our Customized service should close the door from every angle. Must your online presence always be online, with immediate reaction to an attack? Our Always-on service should keep you on-line at all times, with typically up to 90 seconds for “detection and scrubbing”.

Notification of an attack per email is enabled by default, and if is not desired, you can deactivate this from the Customer Portal (see below).

With LeaseWeb DDoS IP Protection Services, you will not need to work with multiple providers to lease and secure your hosting environment to protect against DDoS attacks targeted at your IP’s. That way we make it easy for you by taking tasks out of your hand to deal with multiple providers and thus saving time, effort and money.

Pricing transparency: you will know exactly what you get for the price  and no surcharges related to bursting DDoS attack traffic.
Dedicated experienced security engineer will setup your specific profiles and deliver a fully tested solution to protect against volumetric, protocol based and application layer attacks. 

Combined with Web Application Firewall (WAF) -  a Domain name protection service, a full portfolio of Cybersecurity services is offered to protect both customers IP addresses and customers' domains against all type of attacks.

Enabling/disabling DDoS attack notifications

In the Customer Portal, you can enable or disable email notification of DDoS attacks.

Perform the following steps to enable (or disable) notifications:

  1. Log in to the LeaseWeb Customer Portal.
  2. Click the "Manage" icon for the service for which you want to enable/disable receiving DDoS attack notifications.
  3. Click the "Network" tab, and under "DDoS Mitigation", click the "Edit" link.


     
  4. In the "Change email notification settings" popup window, select "Yes" or "No", and click the "Save" button.


For customers with Cloud products, enabling/disabling notifications, unfortunately is not yet live. In case that you do not want any email notifications, please contact our Support department support@leaseweb.com

FAQs about DDoS IP Protection

The cost of standard ip protection ?

The Standard DDoS IP Protection is implemented as a default at no extra costs and protects IP addresses against DDoS attacks according to standard “Scrubbing Thresholds”. In case attacks exceed the Scrubbing Threshold, the IP address is null-routed. The typical "time-to-mitigate" is 2 - 3 minutes.

In case of DDos attack, how traffic will calculate?

Both incoming and outgoing traffic towards your host is recorded. Please note that DDoS traffic, even if malicious, is intended for your host. This means that the recorded traffic that occurs before the scrubbing and null routing will be billed.

Can you explain what you do (as Leaseweb) to secure against DDoS?

Incoming Internet traffic enters our network via the "Border Routers”. These Border Routers are connected to “Detectors” that are scanning incoming traffic on irregular patterns or sudden increases in volume. If the Detectors identify a DDoS attack on an IP address, they instruct the Border Routers to reroute incoming traffic to “Scrubbers”- a system that separates the legitimate “clean” traffic from the “attack” (dirty) traffic, and it passes only the clean traffic to the destination IP address. You are immediately notified about a DDoS attack. If the traffic exceeds the Scrubbing Thresholds set for an IP address, this IP address will be null-routed. Upon detection that the attack is over, you will be notified again and scrubbing or null-routing will then be automatically deactivated.