What the prefilter allows through is subsequently handled by AS203446 our proprietary post-filtering software. This software is powered by a cluster of Intel Xeon systems equipped with Mellanox network cards, engineered for high performance and scalability.

Protocol Attack Protection

The post-filtering can block the following types of attacks:

• Invalid packets

• Anomalous TCP flag combinations (e.g., no flag, SYN-FIN, SYN frag, LAND attack)

• SYN-ACK amplification attack protection

• IP options

• Packet size validation (prevents 'Ping of Death')

• TCP/UDP/SSL/ICMP flood protection

• Per-connection traffic control

Challenge-based Authentication

Our software also utilizes various challenge-based authentication mechanisms:

• TCP SYN cookies, SYN authentication

• ACK authentication

• Spoof detection

• DNS authentication

Zero-day Automated Protection (ZAPR)

We also leverage machine learning algorithms for real-time attack pattern recognition and filtering, which offers:

• ZAPR: Machine Learning powered attack pattern recognition

• TCP progression tracking

• Capability to prevent zero-day attacks

• No pre-configuration or manual intervention needed

• Fast, automated response

By incorporating advanced AI techniques, our system adapts to new forms of network-level attacks, offering robust security with minimal lag or disruption. This allows us to provide our users with a stable, uninterrupted experience.