Our DDoS protection for TCP/UDP services works by filtering out all malicious traffic types and can be connected via an IPIP/GRE tunnel, by TCP proxying, or via physical connection.
We offer subscription plans customized for various services, differing in features, performance, and price. All of the plans, however, have certain common features making our service one of the most efficient protection solutions. Specifically, we have the Standard subscription plan suitable for small-scale web apps, Business plan for business applications, and Enterprise plan for the most critical systems.
Select а Subscription plan
|IP addresses (rented)||1||1||1|
|Additional rented IP address||-||0||0|
|BGP support, possibility to announce own IP addresses (unlimited)|
|Protection from L3-L5 attacks|
|Protection from L7 (HTTP/HTTPS) attacks||No||Possible (contact us)||Possible (contact us)|
|Included legitimate bandwidth (excess allowed) ?||50 Mbps||50 Mbps||50 Mbps|
|Max support reaction time||60 min||30 min||15 min|
|Expert AntiDDoS support|
|Guaranteed availability (SLA), not less than ?||99%||99,2%||99,5%|
|Ideal for||Special offer for small Internet services||Effecient solution for business applications||Best solution for mission-critical applications|
|Maximum filtering bandwidth without connection inspection (stateless)||Over 2 Tbps||Over 2 Tbps||Over 2 Tbps|
|Maximum filtering bandwidth with connection inspection (stateful)||Over 600 Gbps||Over 600 Gbps||Over 600 Gbps|
|Legitimate traffic volume||unlimited||unlimited||unlimited|
|Delivery time ?||15 min||15 min||15 min|
|Price per month||180||400 By request||By request|
Who needs our service
Protecting TCP/UDP services from DDoS attacks will be equally beneficial for end customers who need to protect their gaming servers, business applications, VoIP services, etc., as well as service providers such as ISPs, hosting service providers, and datacenters.
Why you need your TCP/UDP services protected
- DDoS attacks are growing in number and power year upon year
- By launching DDoS attacks, malicious hackers are trying to disrupt normal operation of your web applications
- Protecting TCP/UDP services can help minimize the risks created by malicious activity
- Thanks to TCP/UDP services becoming attack-proof, your web applications operate more stable and reliable, ensuring smooth interaction for your customers.
- Being absolutely transparent for end users, the StormWall TCP/UDP protection service will cause no inconvenience to them whatsoever.
What your company will get
- Reliable protection of TCP/UDP services from DDoS attacks
- Unlimited amount of filtered traffic
- No restrictions on ports number on your server
- Filtering at Layers 3 through 5 of the OSI model
StormWall advantages over other solutions
- World-class, advanced DDoS protection service that uses AI to detect traffic anomalies, predict an attack and identify its likely scenario
- User-friendly and intuitive control panel
- Continuous improvement of our cloud security platform by our own team of experts, enabling us to efficiently counter hacker and DDoS attacks of various nature and intensity
- Expert 24x7 technical support with an average response time of just 5-7 minutes
- Guaranteed availability of the protected web resource
How to connect the TCP/UDP protection service
The connection is made through an IPIP/GRE tunnel or using a proxy.
- IPIP/GRE tunneling can be employed if you use a Unix-like operating system (e.g. Linux or FreeBSD) or a specialized router (Cisco, Mikrotik, etc.). In this case, we assign you a secure external StormWall IP address. In fact, your server just gets another IP address, a secure one, and you see the actual IP addresses of all the users.
- TCP proxying is used if your server runs Windows. In this case, all requests to the server will come from the same IP address, and you won’t know the actual IP addresses of the users.
How we ensure the high quality of our service
NAT technology was invented in the 1990s to reduce the usage of public IP addresses on the Internet. These days, the technology is often used for other purposes, including for tunneling in anti-DDoS services. We do not use NAT for our tunnels (or elsewhere in our network). When you use a tunnel for protection, you see actual IP addresses on your server. This helps to achieve maximum performance (NAT consumes lots of resources), while reducing latency, and avoiding NAT-related problems. Moreover, the number of TCP/UDP ports that can be protected is unlimited!
All of your server’s inbound traffic is cleaned up in three stages:
Edge routers. Over 100 edge routers all over the world are set up to discard traffic that should never reach your servers. This protective layer makes our clients resistant to 100+ Gbps attacks, with TCP and UDP amplification attempts entirely blocked at this stage.
Hardware filters. Most of the TCP/UDP flood is blocked at this layer. Thanks to the use of hardware-based filtering appliances, extremely high packet processing speeds are achieved. The filtering network is built in such a way that evenly distributes the load between a number of appliances.
Stateful filters. The fine-filtering layer is where the most complex and sophisticated attacks are blocked, including bot-based ones. For HTTP traffic, this layer includes our BanHammer HTTP filtering system.
Our infrastructure is built disaster-resilient from the ground up, so an event causing outage of one point-of-presence will not lead to a connection loss. How it is achieved? Thanks to our Global Session system, all our filtering points all over the world “know” whenever a visitor has a connection to your server, and in case one point-of-presence becomes unavailable traffic will be automatically redirected to another location nearest to the client.
BanHammer is our system for filtering out HTTP floods, precisely tuned based on dozens of thousands real-world attacks that had targeted our clients’ websites. Despite the name, there are no actual “bans” - we use intelligent filtering methods based on behavioral and signature analysis, enabling to minimize false positives while maximizing the percentage of flood traffic being filtered out.
StormWall™ network capabilities
Points of presence:
- Germany (Frankfurt-am-Main) — Equinix FR-5 and e-Shelter
- USA (Washington DC) — Equinix DC-3
- China (Hongkong) — Equinix HK1
- Russia (Moscow) — MMTS-9
- Over 2 Tbps stateless bandwidth, with IP packets processed at ACL/FlowSpec level without TCP connection check, efficiently blocking TCP/UDP amplification attacks.
- Over 600 Gbps stateful bandwidth, with every incoming TCP connection processed and analyzed.
- Minimum added latency for traffic proxying. Moreover, the protected online resource can perform even faster thanks to persistent HTTP connections and HyperCache
Becoming our client
Subscribing to StormWall Anti-DDoS hosting is as easy as ABC!
Method 1. Chat with our online consultant or call us! Our experts are always online, available 24x7 to help you connect in just 10 minutes.
Method 2. Choose a suitable payment plan and click Order. You then will be able to take all the necessary steps to enable and configure protection on your own.
- Wire transfer
- Credit card (Visa/Mastercard/etc.)
- Google Pay
- Apple Pay