AS203446 Post-filtering

What the prefilter allows through is subsequently handled by AS203446 our proprietary post-filtering software. This software is powered by a cluster of Intel Xeon systems equipped with Mellanox network cards, engineered for high performance and scalability.

Protocol Attack Protection

The post-filtering can block the following types of attacks:

  • Invalid packets

  • Anomalous TCP flag combinations (e.g., no flag, SYN-FIN, SYN frag, LAND attack)

  • SYN-ACK amplification attack protection

  • IP options

  • Packet size validation (prevents 'Ping of Death')

  • TCP/UDP/SSL/ICMP flood protection

  • Per-connection traffic control

Challenge-based Authentication

Our software also utilizes various challenge-based authentication mechanisms:

  • TCP SYN cookies, SYN authentication

  • ACK authentication

  • Spoof detection

  • DNS authentication

Zero-day Automated Protection (ZAPR)

We also leverage machine learning algorithms for real-time attack pattern recognition and filtering, which offers:

  • ZAPR: Machine Learning powered attack pattern recognition

  • TCP progression tracking

  • Capability to prevent zero-day attacks

  • No pre-configuration or manual intervention needed

  • Fast, automated response

By incorporating advanced AI techniques, our system adapts to new forms of network-level attacks, offering robust security with minimal lag or disruption. This allows us to provide our users with a stable, uninterrupted experience.

Last updated