This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our Private policy>

Need Help?

AntiDDoS1000 Series DDoS Protection Systems

The Huawei AntiDDoS1600 DDoS protection system employs Big Data analytics technology and supports modeling for 60+ types of network traffic to offer second-level attack response and comprehensive defense against 100+ types of attacks. The AntiDDoS1600 can be deployed on a user network in in-line mode to defend against volumetric and application attacks in real time.

When attack traffic exceeds the bandwidth or defense capability of a local scrubbing device, the AntiDDoS1600 associates with the AntiDDoS device of the upstream carrier or ISP to defend against flood attacks and guarantee service continuity.

Precise protection, second-level response, in-line deployment, layered defense

  • Precise anti-DDoS protection: 60+ traffic models, defense against 100+ types of DDoS attacks, second-level attack response
  • In-line protection: In-line deployment to defend against volumetric and application attacks in real time
  • Layered defense: Association with anti-DDoS devices of upstream carriers or ISPs to defend against flood attacks

Specifications

Model

AntiDDoS1650

AntiDDoS1680

Throughput

Up to 5 Gbit/s

Up to 8 Gbit/s

Mitigation Rate

Up to 3 Mpps

Up to 7 Mpps

Latency

80 μs

80 μs

Standard Interfaces

8 x GE (RJ45) + 4 x GE (SFP)

16 x GE (RJ45) x 8 × GE (SFP) + 4 x 10 GE (SFP)

Expansion Slots

2 x WSIC

5 x WSIC

Expansion Interfaces

8 x GE (RJ45); 8 x GE (RJ45) + 2 x 10 GE (SFP+); 8 x GE (SFP); 4 x GE (RJ45) Bypass card

Deployment Modes

In-line; Out-of-path (static defense); Out-of-patch (dynamic defense)

Function

Options for detecting or cleaning

Defense against protocol abuse attacks

Defense against Land, Fraggle, Smurf, WinNuke, Ping of Death, Teardrop, and TCP error flag attacks

Web application protection

Defense against HTTP GET flood, HTTP POST flood, HTTP slow header, HTTP slow post, HTTPS flood, SSL DoS/DDoS, WordPress reflection amplification, RUDY, and LOIC attacks; packet validity check

Defense against scanning and sniffing attacks

Defense against address and port scanning attacks, and attacks using Tracert packets and IP options, such as IP source route, timestamp, and record route

DNS application protection

Defense against DNS query flood, DNS reply flood, and DNS cache poisoning attacks; source limit

Defense against network-type attacks

Defense against SYN flood, SYN-ACK flood, ACK flood, FIN flood, RST flood, TCP fragment flood, UDP flood, UDP fragment flood, IP flood, ICMP flood, TCP connection flood, sockstress, TCP retransmission, and TCP empty connection attacks

SIP application protection

Defense against SIP flood/SIP methods flood attacks, including Register, Deregistration, Authentication, and Call flood attacks; source limit

Defense against UDP-based reflection amplification attacks

Defense against NTP, DNS, SSDP, Chargen, TFTP, SNMP, NetBIOS, QOTD, Quake Network Protocol, Portmapper, Microsoft SQL Resolution Service, RIPv1, and Steam

Protocol reflection amplification attacks

Filter

IP, TCP, UDP, ICMP, DNS, SIP, and HTTP packet filters

Location-based filtering

Traffic block or limit based on the source IP address location

Attack signature database

RUDY, slowhttptest, slowloris, LOIC, AnonCannon, RefRef, ApacheKill, and ApacheBench attack signature databases; automatic weekly update of these signature databases

IP reputation

Tracking of most active 5 million zombies and automatic daily update of the IP reputation database to rapidly block attacks; local access IP reputation learning to create dynamic IP reputation based on local service sessions, rapidly forward service access traffic, and enhance user experiences

WORLDWIDE

Huawei Enterprise APP

Copyright © 2017 Huawei Technologies Co., Ltd. All rights reserved.