
# About DDoS Protection

DDoS Protection safeguards servers and instances against DDoS attacks. Two protection modes are available: Basic (free, enabled by default on all servers) and Advanced (paid, always-on filtering via a Threat Mitigation System).

## Protection modes

Basic protection is on by default at no cost. Advanced protection is a paid add-on that keeps the server online throughout an attack by routing all traffic through the TMS.

| Feature                             | Advanced protection                                                                                                                                                   | Basic protection                                                             |
| ----------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- |
| Pricing model                       | Paid                                                                                                                                                                  | Free                                                                         |
| Maximum time to recognize an attack | 5 seconds                                                                                                                                                             | 3 minutes                                                                    |
| Attacks it protects from            | Common amplification attacks, IP spoofing attacks, volumetric attacks (L3), connection attacks (L4), application-layer attacks (L5-L7)                                | Common amplification attacks, IP spoofing attacks                            |
| Protection technology               | 1. All traffic passes through TMS.<br /><br />2. In case of an attack, TMS immediately filters the traffic.<br /><br />3. TMS sends legitimate traffic to the server. | 1. Attack is detected.<br /><br />2. The attacked IP is blocked for a while. |
| Best for                            | Servers attacked frequently, servers attacked at the application layer (L7), servers hosting critical business applications                                           | Servers rarely attacked, servers not hosting critical business applications  |

### Basic protection

Basic protection is enabled by default for all servers. No action is required.

#### ACL rules

Basic protection uses predefined ACL rules to block the following traffic types:

* Reflection attacks: DNS, NTP, SSDP, MSSQL, LDAP, SNMP, CharGen, Memcache, Echo, RIP, ARMS
* Fake source IP attacks: `0/32`, `127.0.0.0/8`, `192.0.2.0/24`, `224.0.0.0/3`, `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`

Traffic below 200 Mbit/s per destination IP is not protected.

To customize ACL rules, upgrade to [Advanced protection](#advanced-protection).
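
The sketch below is an added example, not Gcore's implementation: it applies the two ACL categories and the 200 Mbit/s figure from this section to a constructed flow sample, so the same check can be run over your own flow logs to estimate what Basic protection would and would not act on. The port numbers are the listed protocols' well-known UDP ports; matching on source port, reading `0/32` as `0.0.0.0/32`, and measuring the threshold as total inbound rate per destination are assumptions.

```python
import ipaddress
from collections import defaultdict

# Prefixes from the page's "Fake source IP attacks" list. The page writes the
# first one as `0/32`; reading it as 0.0.0.0/32 is an assumption.
SPOOFED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/32", "127.0.0.0/8", "192.0.2.0/24", "224.0.0.0/3",
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Well-known UDP ports of the reflection protocols the page lists. Matching on
# UDP source port is an assumption; it also hits genuine replies (e.g. DNS).
REFLECTORS = {53: "DNS", 123: "NTP", 1900: "SSDP", 1434: "MSSQL", 389: "LDAP",
              161: "SNMP", 19: "CharGen", 11211: "Memcache", 7: "Echo",
              520: "RIP", 3283: "ARMS"}

THRESHOLD_BPS = 200_000_000  # 200 Mbit/s per destination IP, from the page

def classify(flow):
    """Return why a flow matches the ACL categories, or None if it does not."""
    src = ipaddress.ip_address(flow["src"])
    for net in SPOOFED:
        if src in net:
            return f"spoofed:{net}"
    if flow["proto"] == "udp" and flow["sport"] in REFLECTORS:
        return f"reflection:{REFLECTORS[flow['sport']]}"
    return None

def per_destination(flows, window_s):
    """Per destination: total and ACL-matched bit rate, and threshold status."""
    total, matched = defaultdict(int), defaultdict(int)
    for f in flows:
        total[f["dst"]] += f["bytes"] * 8
        if classify(f):
            matched[f["dst"]] += f["bytes"] * 8
    return {dst: {"total_bps": bits // window_s,
                  "matched_bps": matched[dst] // window_s,
                  "above_threshold": bits / window_s >= THRESHOLD_BPS}
            for dst, bits in total.items()}

# Constructed 10-second flow sample (documentation addresses, invented sizes).
SAMPLE = [
    {"src": "198.51.100.7", "dst": "203.0.113.10", "proto": "udp", "sport": 123, "bytes": 300_000_000},
    {"src": "10.1.2.3", "dst": "203.0.113.10", "proto": "udp", "sport": 40000, "bytes": 50_000_000},
    {"src": "198.51.100.9", "dst": "203.0.113.10", "proto": "tcp", "sport": 51514, "bytes": 1_000_000},
    {"src": "198.51.100.8", "dst": "203.0.113.20", "proto": "udp", "sport": 11211, "bytes": 20_000_000},
]
```

Calling `per_destination(SAMPLE, 10)` shows the second destination receiving only reflection traffic yet staying far below the 200 Mbit/s figure, which is the case the threshold note in this section describes.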

#### Null-routing

When Basic protection detects a DDoS attack, the system temporarily blocks the target IP address. This mechanism is known as null-routing: the server is protected from attack traffic but becomes unreachable from the internet for 1 to 24 hours.

To keep the service available during an attack, upgrade to Advanced protection.

### Advanced protection

Advanced protection routes all traffic through a Threat Mitigation System (TMS) at all times, even when there's no attack. TMS recognizes an attack within 5 seconds, immediately filters the malicious traffic, and forwards only legitimate traffic to the server, so the server stays online throughout an attack.

To enable Advanced protection, fill out the [request form](https://gcore.com/ddos-protection#formDdos). Our team will review the request and provide a suitable configuration. Setup time is typically 1-3 business days after approval.

## DDoS attack statistics

The real-time DDoS attack statistics feature provides a live dashboard with an overview of ongoing attacks on protected resources. Filter by data center, time interval, and attack metrics such as bits per second (bps) and packets per second (pps).

<Frame>
  <img src="https://mintcdn.com/gcore/Nyuci9EEwjnGjSHi/images/docs/ddos-protection/onboarding-service/custom-protection-profile-configuration/ddos-attack-statistics.png?fit=max&auto=format&n=Nyuci9EEwjnGjSHi&q=85&s=5485cf85f3b2096cac7c98fc7f7d7e68" alt="DDoS attack statistics" width="3214" height="1396" data-path="images/docs/ddos-protection/onboarding-service/custom-protection-profile-configuration/ddos-attack-statistics.png" />
</Frame>

## Pricing

The price for DDoS Protection depends on three factors:

* **OSI layers**. Two options are available: L3-L4 and L3-L7. L3-L4 protection is more affordable.
* **TMS bandwidth**. Pricing varies based on the TMS bandwidth used to send traffic to the server. Available options: 1 Mbit/s, 10 Mbit/s, 100 Mbit/s, 200 Mbit/s, 500 Mbit/s, 1 Gbit/s, 2 Gbit/s, 10 Gbit/s. The lower the bandwidth, the lower the price.
* **Server location**. Prices vary by data center. Contact us and we'll advise on pricing for a specific location.

Always-on protection is available for L3-L7 protection layers. For custom configurations, contact us to request a tailored plan.
