Skip to main content

DDoS Protection

We only provide DDoS protection in our Nuremberg, DE location. Our Los Angeles, Miami, Secaucus, Kansas City, and Johor locations do not have DDoS protection, and may be nullrouted upon a DDoS attack.

DDoS Protection Add-on

Price and Availability

For services in Nuremberg, we include DDoS mitigation by Avoro/Dataforest at no additional charge (this may change in the future). Services protected by Avoro/Dataforest have access to similar filters as those that are protected by NeoProtect, and have access to configurable firewall filters.

Filters

Filters are only available for servers in our Nuremberg, DE location. Currently, we provide the following filters (this may change in the future) for servers located in Nuremberg, DE:
NameProtocolActionFilterTags
SCP: Secret LaboratoryUDPFILTERSCP: Secret LaboratoryDefault
ArmaUDPFILTERArma ReforgerDefault
PalworldUDPFILTERPalworldDefault
TeamSpeak 3 Query/FiletransferTCPFILTERTeamSpeak 3 Query/FiletransferDefault
AltV UDPUDPFILTERAltV UDPDefault
AltV TCPTCPFILTERAltV TCPDefault
txAdminTCPFILTERtxAdminDefault
OpenVPNUDPFILTEROpenVPNDefault
FiveM TCP Ultra StrictTCPFILTERFiveM TCP Ultra StrictDefault
FiveM TCP StrictTCPFILTERFiveM TCP StrictDefault
Plasmo VoiceUDPFILTERPlasmo VoiceDefault
UDP Light GenericUDPFILTERUDP GenericDefault
HTTPTCPFILTERHTTPDefault
Minecraft JavaTCPFILTERMinecraft JavaDefault
any TCP applicationTCPFILTERStateful TCPDefault
Source Engine / A2SUDPFILTERSource Engine / A2SDefault
FiveM TCPTCPFILTERFiveM TCPDefault
FiveM UDPUDPFILTERFiveM UDPDefault
RakNet (Rust, MC Bedrock, Terraria, 7 Days to Die, …)UDPFILTERRakNet (Rust, MCPE, Terraria, …)Default
QUICUDPFILTERQUICDefault
DayZUDPFILTERDayZDefault
TLSTCPFILTERTLSDefault
TeamSpeak 3UDPFILTERTeamSpeak 3Default
WireGuardUDPFILTERWireGuardDefault
any UDP applicationUDPFILTERUDP GenericDefault
Remote Desktop ProtocolTCPFILTERRDPDefault
FiveM UDP StrictUDPFILTERFiveM UDP StrictDefault
SSHTCPFILTERSSH2Default

Configuration

For servers in our Nuremberg, DE location, you will have access to a tab within the VPS control panel called the DDoS Protection. image We recommend enabling “Allow Egress Traffic” and “Symmetric Filtering” if it is available in this tab. Set the “Default Action” to Drop in order to block all traffic unless it matches a specific rule. This means that if you want to allow something (like a port or app), you must create a rule for it, otherwise, it will be blocked. image Make sure to create firewall rules for each of the applications that you are running on your VPS. For example, if you have SSH on port 22, make a firewall rule with: 
Protocol: TCP
Preset: SSH (TCP)
Min Port: 22
Max Port: Blank
You can also create port ranges. For example, if you have Minecraft Java servers running on Port 25565 to Port 25575, you can make a firewall rule like: 
Protocol: TCP
Preset: Minecraft Java (TCP)
Min Port: 25565
Max Port: 25575
If you do not perform these steps to add rules for each of your applications, then the mitigation will not work properly.

Sending DDoS Attacks

We strictly prohibit any form of Distributed Denial of Service (DDoS) activity toward our network, even if the target is your own DDoS-protected IP address. Launching or simulating DDoS attacks is illegal in many jurisdiction. In the United States, it constitutes a violation of the Computer Fraud and Abuse Act of 1986, and can lead to a prison sentence, fine, or a criminal record. Furthermore, purchasing access to DDoS tools or botnets is not only unethical but also contributes directly to cybercrime. These tools are commonly powered by networks of compromised devices, often without the knowledge or consent of their owners. Therefore, we highly advise against participating in sending DDoS attacks, even if it is to only test your DDoS mitigation.