DataHouse Anti-DDoS systems: traffic filtering and selective blackholing

Anti-DDoS protection for DataHouse services: excess traffic filtering, traffic redirection and selective blackholing of attack sources.

DataHouse network security

DataHouse Anti-DDoS systems: traffic filtering and selective blackholing

All DataHouse services are protected by a general Anti-DDoS mechanism. For critical services we also offer dedicated solutions: individual reaction thresholds, excess traffic filtering, traffic redirection and selective blackholing that looks not only at the attack victim, but also at the directions and sources generating the highest volume.

DataHouse Anti-DDoS shield in a data center representing traffic filtering and selective blackholing

Short answer

All DataHouse services are protected by a general Anti-DDoS mechanism. For critical services we also offer dedicated solutions: individual reaction thresholds, excess traffic filtering, traffic redirection and selective blackholing that looks not only at the attack victim, but also at the directions and sources generating the highest volume.

Baseline protection for DataHouse services

The general Anti-DDoS mechanism covers DataHouse services such as VPS, Cloud Pro, dedicated servers, colocation, mail, DNS and business systems hosted in our infrastructure. The goal is to reduce abnormal traffic before it becomes a server-level problem.

Dedicated protection for critical services

For higher-risk or highly exposed public services, protection can be designed with dedicated thresholds, filtering rules, escalation paths, prefix observation, firewall/WAF integration and incident communication procedures.

Traffic filtering and redirection

Excess traffic can be limited with network filters, protocol-specific rules, traffic engineering or redirection to cleaning mechanisms. The choice depends on service type, attack vector and tolerance for temporary degradation.

Selective source blackholing

Classic blackholing is often associated with cutting off the victim. In a selective variant, we also analyse the directions and sources producing the highest volume, so the most aggressive sources can be blocked while availability from other paths is preserved as long as possible.

Practical checklist

  1. List public services, IP addresses, prefixes, ports and dependencies: web, APIs, DNS, mail, VPN, panels and customer applications.
  2. Define the protection level: baseline DataHouse Anti-DDoS or dedicated thresholds, filters and escalation paths for a critical service.
  3. Decide when to use filtering, traffic redirection, firewall/WAF rules and when blackholing is acceptable.
  4. For large incidents, prepare a selective blackholing scenario: victim, largest sources, traffic directions, decision window and rollback of the block.
  5. After the event, compare volume, sources, response time, filter effectiveness and impact on users from unaffected directions.

Frequently asked questions

Are all DataHouse services protected by Anti-DDoS?

Yes. DataHouse services are covered by a general Anti-DDoS mechanism. Critical or especially exposed services can additionally use dedicated protection designs.

What is selective blackholing?

It is an approach where the decision is not limited to the attack victim. The largest sources and traffic directions are also analysed, so traffic from the most aggressive sources can be limited.

Does selective blackholing disconnect the whole service?

The goal is to reduce attack impact without simply cutting off the whole service. Depending on the incident, selected directions, sources or traffic matching defined criteria can be blocked.

When is a dedicated Anti-DDoS solution worth planning?

When the service has high public exposure, high downtime cost, custom protocols, own prefixes, BGP, WAF/firewall or requires an individual response procedure.