Telco Transformation: enable you to deploy and offer DDoS mitigation-as-a-service at a low capex and a low opex.
Read more
MX7000: A powerful, versatile 'cloud-in-a-box' DDoS mitigation solution.
Learn more
TAP the lucrative market for DDoS Protection.
Be Our Partner
The Capture The Flag challenge: Get on the top of the scoreboard and win an Pentester Expert Coin !
Enroll now
According to the Q3 2020 DDoS Threat Report, 77% of cyberattacks were targeted at online gaming companies, and attacks witnessed were largely volumetric and single vector attacks.
Download the report
Cybersecurity best practices and DDoS defence strategies
On the Nexusguard platform, you can configure protection from TCP SYN flood attacks. The mechanism works like this: When a client sends a connection request (SYN segment) to the host, the platform intercepts the SYN segment and responds to the client with a SYN/ACK segment. The platform waits the specified timeout period for the return ACK from the client to complete the TCP handshake.
If the platform does not receive a return ACK during the timeout period, it drops the packet. If the platform receives a return ACK, indicating that the client is legitimate and is not spoofed, it establishes a connection with the requested server and forwards the original connection request.
As a second layer of defence, the platform can be configured to limit the number of embryonic (half-open) connections. When the embryonic connection threshold of a connection is crossed, the platform acts as a proxy for the server and generates a SYN-ACK response to the client’s SYN request using the SYN cookie method. When the platform receives an ACK back from the client, it can then authenticate that the client is real and allow the connection to the backend server.
Last but not the least, Nexusguard’s mitigation platform employs global BGP Anycast to disperse and mitigate attack traffic across the global scrubbing network, ensuring extreme resilience and low latency during attack time.
Thank You!
We will get back to you shortly.
If the platform does not receive a return ACK during the timeout period, it drops the packet. If the platform receives a return ACK, indicating that the client is legitimate and is not spoofed, it establishes a connection with the requested server and forwards the original connection request.
© Copyright 2021. Nexuguard Limited.
All Rights Reserved. Read Our Privacy Policy.