Anti-Distributed Denial of Service
 
The Network Box Anti-DDoS engine was created to provide Distributed Denial of Service (DDoS) attack mitigation, so that ‘bad traffic’ is kept at bay while ‘good traffic’ is allowed through to secured web-facing servers, ensuring business continuity during ongoing attacks. It uses real-time automated fingerprinting to identify and blacklist attacks. The system takes milliseconds to respond to brute-force attacks that typically come from thousands of sources.
   
Features:
- 250,000+ malicious HTTP/HTTPS traffic blocks/sec.
- 95,000+ HTTP traffic classifications/sec.
- 7,000+ accepted HTTP transactions/sec.
- 6,500+ accepted HTTPS (SSL) transactions/sec.
- Real-Time Automated fingerprinting.
- Slows down attacks by a factor of up to 1,000.
- Millisecond response to brute force attacks.
- Total connections limiting.
- Total connection rate limiting.
- Per-source connections limiting.
- Per-source connection rate limiting.
- Per-source-per-method rate limiting.
- SYN cookies for SYN flood protection.
- Outbound connection postponement.
- 70+ global security sources including Microsoft Active Protections Program and Kaspersky Labs.
- Attack statistics from all customers processed at Headquarters in real-time.
- Information gathered from over 250,000 virtual honey pots.
 
   
The system keeps track of DDoS information on a per-source basis (which it periodically maintains and prunes), and imposes limits on reasonable behavior. Sources which exceed those limits are deemed to be DoS/DDoS attack sources and mitigated.
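The per-source bookkeeping described above can be sketched as follows. This is an added example, not Network Box code: the class name, method names, thresholds, the sliding-window approach and the choice to lift a block when an idle source is pruned are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class SourceTracker:
    """Per-source limits over a sliding window. All thresholds are assumed values."""

    def __init__(self, max_rate=20, per_method_rate=10, max_open=50,
                 window=1.0, idle_ttl=60.0):
        self.max_rate, self.per_method_rate = max_rate, per_method_rate
        self.max_open, self.window, self.idle_ttl = max_open, window, idle_ttl
        self.sources = {}     # ip -> per-source state
        self.blocked = set()  # sources deemed attack sources

    def _recent(self, q, now):
        # Expire timestamps older than the window, then count what is left.
        while q and q[0] <= now - self.window:
            q.popleft()
        return len(q)

    def on_connect(self, ip, method, now):
        """Record one new connection carrying one request; return the verdict."""
        st = self.sources.setdefault(
            ip, {"hits": deque(), "methods": defaultdict(deque), "open": 0, "seen": now})
        st["seen"] = now
        if ip in self.blocked:
            return "block"
        st["hits"].append(now)
        st["methods"][method].append(now)
        st["open"] += 1
        if (self._recent(st["hits"], now) > self.max_rate  # per-source rate
                or self._recent(st["methods"][method], now) > self.per_method_rate
                or st["open"] > self.max_open):            # per-source connections
            self.blocked.add(ip)
            st["open"] = 0  # assumption: a blocked source's connections are dropped
            return "block"
        return "accept"

    def on_close(self, ip):
        st = self.sources.get(ip)
        if st and st["open"] > 0:
            st["open"] -= 1

    def prune(self, now):
        """Forget sources that are idle and hold no connections; lifts stale blocks."""
        stale = [ip for ip, st in self.sources.items()
                 if st["open"] == 0 and now - st["seen"] > self.idle_ttl]
        for ip in stale:
            del self.sources[ip]
            self.blocked.discard(ip)
        return len(stale)
```

Calling `prune()` on a timer keeps the state table bounded when traffic arrives from thousands of sources, and a blocked source that keeps sending refreshes its own `seen` time, so its block persists until it goes quiet.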