First steps to setup a Safe Zone for your DDoS protection Print

  • IPC, ddos attack, ddos protection setup, ddos, ddos cloud, protection layer, ip protection, first Safe Zone
  • 40

First steps to set up a Safe Zone for your DDoS protection

After you have access to your IPC client panel, navigate to At first, you need to create a "Safe Zone". This container of protection technology lets you configure a personal security layer what's based on the service you want to protect. After this step, you will be available to enable all kind of technology what's needed for your IP protection. Now you need to disable all Safe Zone functionality that you do not need to protect your IP service. Tip: If you do not understand some function that's enabled by default, please leave it enabled. For example, if you are protecting a website, you do not need UDP and you should disable it under your baseline settings. When this is also done it's time to disable all TCP and UDP ports which are not used by your IP service. This you can do by adding filters to it. By default some default filters are added to your Safe Zone, and you can also add personal created filters. When this is performed you can add your IP subnets to the Save Zone. Depending the IPC package you have, you can create multiple Safe Zones. When your Safe Zone is ready you can enable the "Service baseline threshold learning" mode in "Transparent" mode. This way the system will look for some period to which baseline functionality thresholds you are using and adjust it at the end by your real data traffic and enable the Safe Zone again. This way you will avoid false positives. Now you have created your default protection setup. 

If you want to make adjustments you can perform it real-time in your client panel or by API. For example at the "Default Service Baseline Settings" you can manage different types of defenses (TCP, UDP, ICMP, HTTP(S), DNS, SIP, others). Every type of defenses has three actions: drop, rate-limit, and defense. The most useful are defense. When you will activate some kind of defense checks, you should set up thresholds. Thresholds are values amount of packets which will pass thru scrubing device without any checks and your Safe Zone will have the state "Normal". As soon as threshold will be exceeded every packet will be checked and your safe zone will have the state "Abnormal". As soon as the IPC cleaning engine detect malformed packets it will be discarded and your zone will have the status "Attacked", also, you will able to see a type of attack and the amount of dropped packets in your dashboard.

BTW, when you will make changes to your defenses, add/delete IPs and other all-new settings will store in the special database but will not apply to IPC cloud engine. These adjustments are still not active, to apply all changes you have to click the button "Deploy" or "Save and Deploy" and it will be applied to the cloud within a few minutes. When you made changes but didn't deploy it a safe zone will have the status "Part deployed". If your safe zone will have "Failed" state, this means that your new changes in a safe zone did not apply to the scrubbing device and the device has just an old configuration (this doesn't mean that your changes are not active).

For GRE customers: if you have an attack and want to protect your subnet you should start to announce this subnet to us by BGP and stop to announce it to your uplinks or announce to us more specific prefix or in other way change routing from the whole Internet to your networks only thru our network (AS) in this case we can fully protect your hosts.

Was this answer helpful?

« Back