Home Page / Resources / How StormWall Works

How the StormWall DDoS protection service works

Website protection
You redirect your DNS record (yourself or with our help) to the protected IP
We proxy traffic from the visitors of your website, redirecting to your server only clean traffic saving real visitors’ IPs in HTTP header.
You can read more about what DDoS attacks are and how you can protect yourself in the article “What is DDoS (Distributed Denial of Service)“
IP protection (TCP/UDP)
Connection is established with GRE/IPIP tunnel or using proxy.
IPIP/GRE tunnel is possible if you are using *nix system (Linux, FreeBSD) or specialized router (Cisco, Mikrotik etc.). In this case we «teleport» protected Storm IP to your equipment and you use it for your clients.
When you use OS Windows on your server, proxy is used. In these cases all the requests from your clients will come from one IP address.
Network protection (BGP)
We establish GRE/IPIP/MPLS tunnel or physical connection with you on one or our connection points
We set up a BGP session which you use to announce your IP prefixes
We accept your announcement, filter all the traffic and deliver only legitimate traffic to your router
You can divert all traffic through StormWall or only incoming traffic, depending on your needs. You can use protection service always or activate it yourself only in case of attack.
Points of Presence
> 4500Gbit/s
Filtering Capacity
Kazakhstan (Almaty)
alm.stormwall.network
Connection via Jusan Mobile
China (Hong Kong)
hkg.stormwall.network
Equinix HK1
Indonesia (Jakarta)
Coming 2025
Singapore
sg.stormwall.network
Equinix SG3 with [ID]CloudHost
UAE (Dubai)
ae.stormwall.network
SmartHub Fujairah
Bulgaria (Sofia)
sof.stormwall.network
Telepoint Center
Brazil (São Paulo)
Coming 2025
USA (Washington D.C.)
was.stormwall.network
Equinix DC3
Germany (Frankfurt am Main)
fra.stormwall.network Equinix FR5
fra2.stormwall.network e-Shelter FR1
Bratislava, Slovakia
Dubai, UAE
Scrubbing Centers
Offices
Console Connect Locations
> 4500Gbit/s
bandwidth without connection inspection (stateless) - processing IP packets on ACL/FlowSpec level without TCP connection check (blocking TCP/UDP amplifications)
User's manual
You can download the user manual from this link
+44 20 3695 6722
Sign in
Under Attack?

StormWall for Web

DDoS protection for web applications

StormWall for Networks

DDoS protection for networks via BGP

StormWall for Servers

DDoS protection for TCP/UDP services

Web Application Firewall (WAF)

Protecting web applications with a cloud‑based security tool

Content Delivery Network (CDN)

CDN service to speed up content loading

Virtual Dedicated Servers (VDS/VPS)

VDS/VPS servers with DDoS protection

Anti-DDoS Hosting

Hosting and DDoS protection combined

Not sure which product is right for you?
Request a Call

Blog

Company and industry news, educational articles

How StormWall Works

Explore how our services can protect infrastructure from any type of attack

Success Stories

Articles with customer case studies

How to Connect

Instructions for launching DDoS protection

Knowledge Base

Cybersecurity terms and definitions

StormWall Partner Program

For resellers and service providers

White Label

Use StormWall DDoS protection under your brand

About StormWall

Learn more about our company, see contact details and terms of service

Our Clients

Companies protected by us over the years

Media

Articles featuring our company

Why StormWall

Our benefits

How the StormWall DDoS protection service works
Website protection
You redirect your DNS record (yourself or with our help) to the protected IP
We proxy traffic from the visitors of your website, redirecting to your server only clean traffic saving real visitors’ IPs in HTTP header.
You can read more about what DDoS attacks are and how you can protect yourself in the article “What is DDoS (Distributed Denial of Service)“
IP protection (TCP/UDP)
Connection is established with GRE/IPIP tunnel or using proxy.
Туннелирование IPIP/GRE возможно, если Вы используете ОС семейства *nix (Linux, FreeBSD) или специализированный маршрутизатор (Cisco, Mikrotik и пр.). В этом случае мы "телепортируем" на Ваше оборудование внешний защищенный Storm IP, с которым и связываются клиенты. По сути, на сервере просто появляется еще один адрес - защищенный, и Вы при этом видите все IP-адреса пользователей.
When you use OS Windows on your server, proxy is used. In these cases all the requests from your clients will come from one IP address.
Network protection (BGP)
We establish GRE/IPIP/MPLS tunnel or physical connection with you on one or our connection points
We set up a BGP session which you use to announce your IP prefixes
We accept your announcement, filter all the traffic and deliver only legitimate traffic to your router
You can divert all traffic through StormWall or only incoming traffic, depending on your needs. You can use protection service always or activate it yourself only in case of attack.
Points of Presence
> 4500Gbit/s
Filtering Capacity
USA (Washington D.C.)
was.stormwall.network
Equinix DC2
Germany (Frankfurt am Main)
fra.stormwall.network Equinix FR5
fra2.stormwall.network e-Shelter FR1
China (Hong Kong)
hkg.stormwall.network
Equinix HK1
Singapore
sg.stormwall.network
Equinix SG3 with [ID]CloudHost
UAE (Dubai)
ae.stormwall.network
SmartHub Fujairah
Bulgaria (Sofia)
sof.stormwall.network
Telepoint Center
Indonesia (Jakarta)
Coming 2025
Brazil (São Paulo)
Coming 2025
> 4500
Gbit/s
bandwidth without connection inspection (stateless) - processing IP packets on ACL/FlowSpec level without TCP connection check (blocking TCP/UDP amplifications)
User's manual
You can download the user manual from this link
+44 20 3695 6722
+1 (646) 491-62-59
sales@stormwall.network
Payment methods
Credit Card
Bank Transfer (invoice)
© 2013-2024 StormWall.network. All rights reserved