Overview & Information
Layer 4 DDoS Protection
AS203446 Smartnet SmartMitigate offers an activatable Layer 4 DDoS Protection. This protects against the following attacks, for example:
- IPv4 and IPv6
- UDP floods
- TCP floods
- GRE floods
- Other protocol floods
- ICMP floods
- Resource exhaustion attacks
- Amplification floods
- Zero Day Attack Prevention (Identifies attacks that cannot be filtered by typical countermeasures or when the system determines that this type of mitigation is more cost-effective in terms of hardware and computing resource utilisation)
Portranges
DDoS Protection has defined different portranges for different applications, these must be used with the corresponding application.
- FiveM: 30000-32000
- Facorio: 34100-34200
- TeamSpeak3: 9000-9999
- VALVE Source Engine: 27000-28000
- Rust: 28015-28100
- Minecraft Bedrock Edition: 19100-19200
- Palworld: 8200-8300
- SCP: Secret Laboratory: 7100-7200
- OpenVPN: 1194 - 1294
- Wireguard: 51820 - 51920
- FiveM: 30000-32000
- Minecraft Java Edition: 25565-26000
- SSH: 22
- http: 80
- https: 443
Known limitations / Expected behaviour
Random Ports
For ports that are not listed above, the TCP reset is performed by default, when the protection is active.
GRE tunnels
GRE tunnels are blocked via IPv4.
TCP authentication
Clients attempting to establish a TCP session after a TCP attack has been detected must retransmit their first connection. This is called