Today’s DDoS attacks are more virulent, more destructive, and more focused than ever. They can easily elude and overwhelm most common defenses. Composed of legitimate-appearing requests, spoofed identities, huge volumes, etc., these highly sophisticated attacks make it virtually impossible to identify and block. DDoS attacks paralyze their targets, prevent them from conducting business, and cost companies billions of dollars in lost revenue every year.

Consistent with its position as a global leader in active perimeter security, NSFOCUS’s Anti-DDoS System (ADS) is designed to defend everyone from small to medium-sized enterprises all the way up to carrier-class providers against damaging DDoS attacks. The ADS not only defends against but also cleans attack traffics to allow critical business functions to continue, keeping your business running, even under the most determined of attacks.

Equipped with a purpose-built operating system and integrating advanced anomaly recognition, source verification, and anti-spoofing technologies, NSFOCUS's ADS delivers robust and comprehensive anti-DDoS protection to businesses of all sizes.

Features

• Accurate Attack Prevention

NSFOCUS has developed a series of innovative algorithms to accurately detect and prevent malicious DDoS attacks. These integrated filtering modules include:

• Anti-Spoofing
• Protocol Analysis
• Customized Application Analysis
• User Behavior Analysis
• Dynamic Fingerprinting
• Rate Limiting

Together, they provide a solid defense by applying probability statistics against both known and unknown DDoS attacks. Utilizing efficient algorithms of attack detection, identification, and mitigation the NSFOCUS ADS deals with massive DDoS attacks, ensuring only valid traffic gets through.

• Multi-level DDoS Prevention Mechanism

The NSFOCUS ADS is an integrated system ready to detect and mitigate increasingly sophisticated, complex, and deceptive DDoS attacks; including network layer attacks such as SYN Flood, UDP Flood, ICMP Flood, and more importantly, application layer attacks like the newer HTTP and DNS variants.
 

• Flexible Scalability

NSFOCUS’s ADS features an advanced cluster architecture, with processing scalability to easily expand system capacity as needed. Both in-line and traffic diversion modes are flexible and easy to deploy when additional processing capacity is required. The traffic diversion deployment mode, combined with clustering and peering, can enable DDoS traffic attack prevention capability of up to hundreds of Gbps.
 

• Intuitive and Centralized Management

The NSFOCUS ADS features an intuitive, web-based GUI that simplifies and streamlines the policy definition, operational monitoring, and report generation processes. Multiple monitoring and reporting levels provide network operators and security administrators with a wide range of detailed real-time and historical information, as well as valuable information for security experts to review and tune ADS security policies.


 

• Advanced System Architecture

NSFOCUS’ specially-designed ADS operating system reduces memory overhead, ensuring efficient operation; its modularized control system ensures operation availability, under even the most extreme attack scenarios.
For those customers with higher throughput requirements, the high-end series of NSFOCUS’ ADS utilizes Tilera’s^® TILE64Pro™ multi-core architecture, dramatically boosting prevention capability up to 10 Gbps without compromising performance.



Applications

Integrated with the NSFOCUS NTA (Network Traffic Analyst) and NSFOCUS ADS-M (Management Console), the NSFOCUS ADS system offers an anti-DDoS solution that automatically analyzes and cleans anomaly traffic and provides reporting and self-service capability to end users. Service provider can separate end users as different business domains. Each business domain has different protection policy with different report as well.

When an attack occurs, traffic is diverted and filtered by the ADS that is deployed at the customer’s egress point out of the main path. After filtering, the cleaned traffic is streamed back to the network. The out-of-path mode ensures network security, maximizing the business uptime.
The application scenario includes:

• IDC
• Internet corporations
• ISP
• Financial Group
• Telecom Backbone networks

 

                                          Detection & mitigation workflow

 

SPECIFICATIONS	ADS 6000 Series		ADS 4000 Series		ADS 2000 Series
	ADS6020		ADS4020		ADS2020		ADS2010
Maximum Mitigation Capacity (bps)	Up to 20G		Up to 10G		Up to 4G		Up to 2G
Performance (pps)	14,880,000		8,928,000		2,976,000		1,488,000
Latency	40 μs
Attack Prevention	● TCP - SYN flood - ACK flood - fins flood - fragments ● HTTP GET/POST Flood ● UDP - random port floods - fragments ● ICMP - Unreachable - Echo - fragments ● Anonymous attacks ● Connection Exhaustion ● Stream Flood ● Malformed HTTP header attacks ● DNS flood attacks ● SIP attacks
Interfaces	Up to: 2*10GE XFP, 12*GE SFP ( copper, SFP-GE-SX ,and  SFP-GE-LX available ) 8*GE copper port built-in		Up to: 2*10GE SFP+ 16*GE port (copper, SFP-GE-SX ,and  SFP-GE-LX available)		Up to: 4*GE port (copper, SFP-GE-SX, and SFP-GE-LX available) 4*GE copper port built-in
Detection & Mitigation Algorithms	Real-time traffic monitoring (Signature-based, Behavior-based), Client-Side Identification (SYN cookie, URL Redirection, CAPTCHA), ACL Mechanism (Network Layer and Application Layer), pattern matching.
Fail-Open/Fail-close	Solution enabled		Internal fail-open/fail-close for GE ports		Internal fail-open/fail-close for GE ports
Deployment	Traffic Diversion (Out-of-Path)		In-line Traffic Diversion (out-of-Path)		In-line
IP protocols	IPV4/V6
Routing Protocols	BGP, OSPF, RIP, IS-IS, static routing				N/A
Network Layer Protocol	PBR, MPLS-LSP, MPLS VPN, GRE tunnel, L2 VLAN				N/A
Weight	10.5 Kg		11 Kg		11 Kg		11 Kg
Dimension (W*D*H)	550mm× 440mm×88mm		575mm× 432mm×88mm		575mm× 432mm×88mm		575mm× 432mm×88mm
Rack	2U		2U		2U		2U
Power Supply	AC/DC Dual power supply		AC/DC Dual power supply		AC/DC Dual power supply		AC/DC Dual power supply
Power Consumption	150W		350W		350W		350W
MTBF	87,600 hours		45,000 hours		45,000 hours		45,000 hours
Operating Temperature	0-45℃ (32-113F)		0-40℃ (32-104F)		0-40℃ (32-104F)		0-40℃ (32-104F)
Storage Temperature	-20-65℃		-20-80℃		-20-80℃		-20-80℃
Compliance	CE, FCC, UL, CB, KCC, ROHS