
AntiDDoS12000 Series Anti-DDoS System

The HiSecEngine AntiDDoS12000 delivers 2T+ security protection performance and service expansion capabilities, making it well suited to preventing or mitigating DDoS attacks. The system also blocks hundreds of complex attacks within seconds or even milliseconds, ensuring service continuity for the customer.

Converged Forwarding

Extremely high performance

A single HiSecEngine AntiDDoS12000 system, built on an industry-leading hardware architecture, provides 2.4 Tbps of DDoS attack protection, the best in the industry.

Intelligent O&M

Extremely fast response

This solution can respond efficiently to new types of DDoS attacks within seconds or even milliseconds.

Continuous Security

Optimal defense

With per-packet analysis and control of all traffic, the product provides optimal defense against hundreds of DDoS attack types.

Smart Brain

Intelligent mitigation

Policy templates built on extensive expert experience, combined with automatic policy tuning, provide autopilot-style automation during defense.

Technical Specifications

| Model | AntiDDoS12004 | AntiDDoS12008 |
|---|---|---|
| Max. defense throughput | 600 Gbps | 2.4 Tbps |
| Max. defense packet rate | 450 Mpps | 900 Mpps |
| Expansion slots | 4 | 8 |
| Expansion interfaces | 24-port 10GBase LAN/WAN-SFP+ + 2-port 100GBase-QSFP; 48-port 10GBase LAN/WAN-SFP+ | 24-port 10GBase LAN/WAN-SFP+ + 2-port 100GBase-QSFP; 48-port 10GBase LAN/WAN-SFP+; 18-port 100GBase-QSFP |
| Dimensions (H x W x D) | 442 mm x 874 mm x 438 mm (9.8 U) | 442 mm x 874 mm x 703 mm (15.8 U) |

DDoS Defense Specifications
  • Defense against protocol abuse attacks
    Defense against LAND, Fraggle, Smurf, WinNuke, Ping of Death, Teardrop, and TCP error flag attacks
  • Web application protection
    Defense against HTTP GET flood, HTTP POST flood, HTTP slow header, HTTP slow POST, HTTPS flood, WordPress reflection and amplification, RUDY, and LOIC attacks; packet validity checking
  • Defense against scanning and sniffing attacks
    Defense against address sweep and port scan attacks, and attacks using Tracert packets and IP options, such as IP source routing, timestamp, and route record options
  • DNS application protection
    Defense against DNS query flood, DNS reply flood, and DNS cache poisoning attacks; source-based rate limiting
  • Defense against network attacks
    Defense against SYN flood, SYN-ACK flood, ACK flood, FIN flood, RST flood, TCP fragment flood, UDP flood, UDP fragment flood, IP flood, ICMP flood, TCP connection flood, SockStress, TCP retransmission, and TCP null connection attacks
  • SIP application protection
    Defense against SIP flood and SIP methods flood attacks, including Register flood, Deregistration flood, Authentication flood, and Call flood attacks; support for source rate limiting
  • Defense against UDP reflection and amplification attacks
    Defense against NTP, DNS, SSDP, Chargen, TFTP, SNMP, NetBIOS, QOTD, Quake Network Protocol, PortMapper, Microsoft SQL Resolution Service, RIPv1, and Steam Protocol reflection and amplification attacks
  • Filters
    IP, TCP, UDP, ICMP, DNS, SIP, and HTTP packet filters
  • Attack signature databases
    RUDY, SlowHTTPTest, SlowLoris, LOIC, AnonCannon, RefRef, ApacheKill, ApacheBench; automatic weekly updates

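| Model | AntiDDoS12004-F | AntiDDoS12008-F |
|---|---|---|
| Max Defense Bandwidth | 300 Gbps | 600 Gbps |
| Max Defense Packet Rate | 200 Mpps | 400 Mpps |
| Slots of Main Control Unit | 2 | 2 |
| Main Control Unit | Supports 1*100GE QSFP28/2*40GE QSFP+/4*25G SFP28/8*10G SFP+ ports | Supports 1*100GE QSFP28/2*40GE QSFP+/4*25G SFP28/8*10G SFP+ ports |
| Expansion Slots | 4 | 8 |
| Expansion Interfaces | 2 x 40G/100GBase-QSFP28 + 12 x 100M/1G/10GBase-SFP+; 24 x 100M/1G/10GBase-SFP+ | 2 x 40G/100GBase-QSFP28 + 12 x 100M/1G/10GBase-SFP+; 24 x 100M/1G/10GBase-SFP+ |
| Dimensions (H x W x D) | 352.8mm x 442mm x 515.5mm (8U) | 575mm x 442mm x 515.5mm (13U) |
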
DDoS Defense Specifications
  • Defense against malformed-packet attacks
    Defense against LAND, Fraggle, Smurf, WinNuke, Ping of Death, Teardrop, and TCP error flag attacks
  • Defense against scanning and sniffing attacks
    Defense against port scan and IP sweep attacks, and attacks using Tracert packets and IP options, such as IP source route, IP timestamp, and IP route record options
  • Defense against network-layer flood attacks
    Defense against common network-layer flood attacks, such as SYN flood, SYN-ACK flood, ACK flood, FIN flood, RST flood, TCP Fragment flood, TCP Malformed flood, UDP flood, UDP Malformed, UDP Fragment flood, IP flood, ICMP Fragment flood, ICMP flood, Other flood, carpet-bombing flood, and pulse-wave attacks
  • Defense against session-layer attacks
    Defense against common session-layer attacks, such as real-source SYN flood, real-source ACK flood, TCP connection exhaustion, sockstress, and TCP null connection attacks
  • Defense against UDP reflection attacks
    Static rules for filtering common UDP amplification attacks, such as NTP, DNS, SSDP, CLDAP, Memcached, Chargen, SNMP and WSD
    Dynamic generation of filtering rules to defend against new UDP amplification attacks
  • Defense against TCP reflection attacks
    Static filtering rules that are created based on network-layer characteristics
    TCP reflection attack filtering rules that are dynamically generated
  • Defense against TCP replay attacks
    Static filtering rules that are created based on network-layer characteristics
    TCP replay attack filtering rules that are dynamically generated
  • Defense against application-layer attacks (HTTP)
    Defense against high-frequency application-layer attacks (HTTP and HTTP CC attacks) based on behavior analysis
    Defense against low-frequency application-layer attacks (HTTP and HTTP CC attacks) based on machine learning
    Defense against slow-rate HTTP attacks based on behavior analysis, including HTTP slow header, HTTP slow post, RUDY, LOIC, HTTP multi-methods, HTTP Range request amplification, and HTTP null connection attacks
  • Defense against HTTPS/TLS encrypted application-layer attacks
    Defense against high-frequency HTTPS/TLS encrypted attacks
    Defense against slow-rate incomplete TLS session and null connection attacks
  • Defense against application-layer attacks (DNS)
    Defense against DNS Malformed, DNS query flood, NXDomain flood, DNS reply flood, and DNS cache poisoning attacks
    Source-based rate limiting and domain name–based rate limiting
  • Defense against application-layer attacks (SIP)
    Defense against SIP flood/SIP methods flood attacks, including Register, Deregistration, Authentication, and Call flood attacks
    Source-based rate limiting
  • User-defined filtering rules
    User-defined filtering rules for local software and hardware, as well as BGP FlowSpec rules for remote filtering. The fields can be customized, including source/destination IP address, packet length, IP protocol, IP payload, source/destination port, TCP flag bit, TCP payload, UDP payload, ICMP payload, DNS domain name, HTTP URI, HTTP field user-agent, as well as caller and callee in the SIP protocol.
  • Dual-stack defense
    IPv4/IPv6 dual-stack defense against DDoS attacks
  • Automatic tuning of defense policies
    Attack traffic snapshot, defense effect evaluation, and automatic tuning of defense policies
    Automatic attack evidence collection
  • Baseline learning
    Support for dynamic traffic baseline learning and learning period configuration
  • Packet capture-based evidence collection
    Automatic packet capture based on attack events and user-defined ACLs for packet capture
    Online parsing and analysis, source tracing, and local analysis after downloading for captured packets

