What are the DDoS ACL profile options/which one should I pick?

What are the DDoS ACL profiles/What do they mean/Which should I choose?

All servers on the Awknet network (unless otherwise requested) include automatic or always on flood filtering over 40Gbps of advanced DDoS mitigation devices. In addition clients can pick one of three DDoS ACL profiles providing multiple Tbps of network edge blocking against amplification/reflection and bandwidth saturation attacks.  When customizing your server at check-out you will be asked to select Type of Services & DDoS ACL profile from a drop down menu - below are details to help you make the right choice.


All Protocols - no ACL restrictions/light or no DDoS attacks

   This traffic profile utilizes no network edge blocking. All traffic will be passed further into the network and toward your server unless our monitoring systems detect a flood. Clients facing small DDoS attacks or who need to use unusual protocols/services may select this profile to enable all data types.


TCP Only - best ACL protection/heavy DDoS attacks

   Our most effective DDoS mitigation solution providing multiple Tbps of always-on network edge blocking against some of the largest saturation attacks and botnets. Only TCP data is permitted further into the network and any TCP attacks are automatically redirected over the DDoS mitigation devices. Best level of filtering and recommended for TCP only services such as Webhosting, Mailservers, IRC, Streaming, and those suffering from huge bandwidth saturation attacks.


TCP+UDP+ICMP+GRE - basic ACL protection/moderate DDoS attacks

   Our basic ACL protection is the default option and provides multiple Tbps of always-on network edge blocking against some of the more common reflection/amplification/bandwidth saturation floods while also permitting the standard variety of non-TCP services such as GRE Tunneling, UDP Gameservers, DNS, etc. Recommended for servers that need typical non-TCP services and extra edge protection from common saturation attacks. Advanced attacks not blocked at network edge and TCP floods are automatically rerouted to the DDoS mitigation devices.


Was this answer helpful?

 Print this Article

Also Read

How do I reset IPMI incase of connection problem?

  The latest IPMI firmware is quite good so this doesn't happen much, but older versions of the...

How do I view my traffic graphs?

  To view your server traffic graphs, login to the client area and click on the "Services"...

My server went offline when I tried binding extra IPs?

  If your server goes offline when binding IPs you've probably made the mistake of assigning the...

How much are extra IPs?

  Extra IPs are typically $1/mo and come in standard subnet sizes (/29, /28, /27, etc) with...