AntiDDoS1000 Series
DDoS Protection Systems
Provide precise protection, second-level
response, in-line deployment, and layered defenses.
AntiDDoS1000 Series DDoS Protection Systems
The Huawei AntiDDoS1000 DDoS protection system utilizes Big Data analytics technology and supports modeling for 60+ types of network traffic to offer second-level attack response and comprehensive defense against 100+ types of attacks. The AntiDDoS1000 can be deployed on a user network using in-line mode to defend against volumetric and application attacks in real time.
When attack traffic exceeds the bandwidth or defense capability of a local scrubbing device, the AntiDDoS1000 associates with the AntiDDoS device of the upstream carrier or ISP to defend against flood attacks and guarantee service continuity.
Precise Anti-DDoS
60+ traffic models, defense against 100+ types of DDoS attacks, and second-level attack response.
In-Line Protection
In-line deployment to defend against volumetric attacks and applications.
Layered Defense
Association with anti-DDoS devices of upstream carriers or ISPs to defend against flood attacks.
Specifications
Model | AntiDDoS1905 | AntiDDoS1908 |
Standard interface | 8×GE COMBO + 4×GE RJ45 + 4×GE SFP + 6×10GE SFP+ | 4 x 100G/40G+16 x 25G/10G(25G/100G COMBO)+8 x 10G/GE |
Deployment mode | In-line; off-line (static defense); off-line (Dynamic defense) | |
Function | Options for detecting or cleaning; supporting flow detection |
Options for detecting or cleaning, or both |
Height x Width x Depth | 43.6 mm × 442 mm × 420 mm (1U) | 43.6 mm x 442 mm x 600 mm (1U) |
DDoS Defense Specifications |
Defense against LAND, Fraggle, Smurf, WinNuke, Ping of Death, Teardrop, and TCP error flag attacks
Defense against port scan and IP sweep attacks, and attacks using Tracert packets and IP options, such as IP source route, IP timestamp, and IP route record options
Defense against common network-layer flood attacks, such as SYN flood, SYN-ACK flood, ACK flood, FIN flood, RST flood, TCP Fragment flood, TCP Malformed flood, UDP flood, UDP Malformed, UDP Fragment flood, IP flood, ICMP Fragment flood and ICMP flood attacks, sweeping segment flooding, and pulse-wave attacks
Defense against common session-layer attacks, such as real-source SYN flood, real-source ACK flood, TCP connection exhaustion, sockstress, and TCP null connection attacks
Static rules for filtering common UDP amplification attacks, such as NTP, DNS, SSDP, CLDAP, Memcached, Chargen, SNMP and WSD
Static filtering rules that are created based on network-layer characteristics
Static filtering rules that are created based on network-layer characteristics
Defense against high-frequency application-layer attacks (HTTP and HTTP CC attacks) based on behavior analysis
Defense against high-frequency HTTPS/TLS encrypted attacks
Defense against DNS Malformed, DNS query flood, NXDomain flood, DNS reply flood, and DNS cache poisoning attacks
Defense against SIP flood/SIP methods flood attacks, including Register, Deregistration, Authentication, and Call flood attacks
User-defined filtering rules for local software and hardware, as well as BGP FlowSpec rules for remote filtering. The fields can be customized, including source/destination IP address, packet length, IP protocol, IP payload, source/destination port, TCP flag bit, TCP payload, UDP payload, ICMP payload, DNS domain name, HTTP URI, HTTP field user-agent, as well as caller and callee in the SIP protocol.
IPv4/IPv6 dual-stack defense against DDoS attacks
Attack traffic snapshot, defense effect evaluation, and automatic tuning of defense policies
Support for dynamic traffic baseline learning and learning period configuration
Automatic packet capture based on attack events and user-defined ACLs for packet capture |
Technical Support