New SeGuard DDoS Mitigation release - Syn PROXY now for spoofed packets and DPDK support

New SeGuard DDoS Mitigation release - Syn PROXY now for spoofed packets and DPDK support

by chat_bubble_outline

– SYNPROXY Now stable – Spoofed Support .: With SYNPROXY we can increase 20x performance then old technique removing the “listen state lock” part catching packets that the connection tracking system has categorized as “INVALID” and not part of a known connection state. The matching against existing conntrack entries is very fast and completely scalable. The conntrack system actually does lockless RCU (read-copy update) lookups for existing connections.

Essentially, this solves all other TCP-flooding packets except SYN-flooding.

SYNPROXY essentially does parallel SYN-cookies and not create a conntrack entry before the SYN-ACK packet is received thus avoiding the conntrack new connections lock. Once the initial connection is established the normal conntrack system will take over and do all the needed forwarding.

SYNPROXY can now block all type of SYN SPOOFED attacks.

– DPDK 18.11 .: We implemented DPDK into our 2nd level SeGuard devices. DPDK is used on devices that need to inspect packes for know theads DPDK is the Data Plane Development Kit that consists of libraries to accelerate packet processing workloads.

We can now forward packets during inspection and analysis. We also use DPDK filters API to block hem reducing the CPU load. This will increase forwarding rate 10x.

– Speed boost in generating PDF files .: Reports are now generated faster and GDPR compliance.

– Static Filters now visible in Firewall region

– Attack Dump now available .: Under Anomaly archive you can click on Flow Trace button to open an editor with sample of the attack (source port, protocol, source ips, destination ips, destinations port, ttl)

– Improvement on TCP decoders .: We’re now able to inspect www traffic. Also new decoders supported like TCP-ACK, TCP-SYNACK, TCP-RST.

Next Scheduled Upgrade

Centurylink Upgrade – We will perform Centurylink (Level 3) link upgrade adding new 100Ge Port in Milan

In-line Firewall with IPs – We will add new next-gen firewall- Customers can protect close ports with custom rules and we will do web filtering to protect from attacks and malware. This protection will be in-line, avaialable 24/24 (not only durin mitigation)

Upgrade on DdoS Filters – We will add new servers to upgrade payload inspection capacity to 200Gbps

….. and more

Jennifer Whoapez

Written by

A web-designer, coder, shark fighter and an MI6 agent, in her free time Jennifer writes for our incredible Wordpress-related blog and occasionally sings in public!