Technologies or «How our DDoS protection works»

Triple Filter

Triple Filter All traffic passing towards your server is cleaned in three places:

1) Edge routers. Over 100 edge routers spread all over the world are set up to discard traffic that should not reach you by definition. This layer of protection makes our clients resistant to 100+ Gbit attacks, because TCP and UDP amplification is completely blocked on this layer.

2) Hardware filters. Most part of TCP/UDP flood is blocked on this layer. Thanks to using hardware filtering appliances, extremely high packet processing speeds are reached. Filtering network is built in a way to evenly distribute load on several hardware filtering appliances.

3) Stateful filters. Thin filtering layer where the most complex and smart attacks are blocked, including bot attacks. For HTTP traffic, this layer includes BanHammer HTTP filtering system.


Our FlowSense system constantly monitors all data flows coming to your server/website, searches anomalies and automatically determines ongoing attack type. As a result, automatic adjustment of filtering parameters happens using BGP FlowSpec (RFC 5575) and API of our filtering systems.


BanHammer is our system for filtering HTTP flood precisely tuned on dozens of thousands of real attacks on our clients’ websites. Despite the name, there are no bans - we use intelligent filtering methods based on behavioural and signature analysis. It made it possible to reduce number of false positives to minimal values as well as maximize percent of filtered flood.

Global Session

Our infrastructure is built catastrophe-resilient, so even a cataclysm leading to outage of one point-of-presence will not lead connection loss. How it is achieved? Due to our Global Session system, all our filtering points all over the world «know» that client is has connected to your server and in case of unavailability of one of the points traffic will be automatically redirected to another point nearest to the client.

ZeroNAT Tunnels

NAT technology was invented in 1990s to reduce usage of public IP addresses on the Internet. Now it is often use in other purposes. We do not use NAT for our tunnels (or elsewhere in the network). When you use tunnel to connect protection, you see real IP directly on your server. It helps achieving maximum performance (NAT consumes a lot of resource), reducing latency and avoiding NAT-related problems. Moreover, number of TCP/UDP ports under protection is unlimited!


Traffic from your clients to your server on the Internet almost always goes on the cheapest links which don’t provide optimal speed and latency. When you connect StormWall protection, traffic from the filtering point nearest to client is directed to your server using optimal low-latency routes inside StormWall network (SpeedRoute). It often helps to reduce latency with 3-8 ms.


Your website will load faster with StormWall protection because large files will be automatically cached in RAM of our caching servers and delivered to your clients momentarily! RAM works dozens of times faster then SSD disk, so each website can be speeded up this way. Also, HyperCache removes most of unnecessary load from your server helping it response faster. HyperCache is absolutely transparent for your website visitors and does not require you to change anything on the website. It does not cache anything unnecessary and is highly tunable for your needs. Even if your server is on another part of planet, your users will load pictures from the nearest point!

Still in doubt? Ask us a question!
Talk to a consultant now