Skip to main content

DDoS Protection

GoMami provides best-effort DDoS protection for all instances by default. For enhanced protection, an optional 600 Gbps scrubbing service is available as a paid add-on.

Protection Tiers

TierDescriptionCost
DefaultBest-effort basic traffic scrubbingFree, included with all instances
Advanced600 Gbps professional DDoS scrubbingPaid add-on
info

The 600 Gbps advanced protection is a paid feature. Contact support or visit the website for details.

Default Protection

All GoMami instances benefit from basic DDoS protection:

  • Automatic detection of anomalous traffic with basic scrubbing
  • No configuration required — works out of the box
  • Protection capacity varies depending on attack scale and network conditions (best-effort)

Blackhole Mechanism

:::caution Important When an instance is under a large-scale DDoS attack that affects other customers on the same network segment, the system will automatically apply a blackhole (null route) to the instance's IP address:

  • Duration: 30 - 60 minutes
  • Removal: Automatic — manual intervention is not possible
  • Trigger: Attack traffic impacting other customers' normal operations

During the blackhole period, all inbound and outbound traffic to the IP address will be dropped and the service will be temporarily unavailable. Please verify that your services have recovered normally after the blackhole is lifted. :::

Protection Scope

L3/L4 Protection

  • UDP Flood
  • SYN Flood
  • ACK Flood
  • ICMP Flood
  • DNS Amplification
  • NTP Amplification

L7 Protection

  • HTTP Flood
  • CC Attacks
  • Slowloris
info

L7 protection policies may vary depending on the node and protection tier.

Best Practices

We recommend implementing basic security configurations on your server to reduce attack risk:

# Rate limit SYN connections
iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j ACCEPT

# Drop invalid packets
iptables -A INPUT -m state --state INVALID -j DROP

# Rate limit ICMP
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

Next Steps