One of the tools the UltraDDoS Protect platform often uses to mitigate attacks is employing Filter Lists provided by customers to refine the traffic that is dropped or passed during an event. Filter Lists enable customers to control network traffic by specifying which IP addresses or ranges are permitted or denied access to network resources. These lists can be configured to either allow or block traffic from specific IP addresses, making them a powerful tool for protecting your network.
Filter Lists and UltraDDoS Protect.
Vercara allows our UltraDDoS Protect customers to provide their own Filter Lists, which the Vercara SOC team manually instruments for them. The SOC team can then select these filter lists for inclusion in mitigation events in a couple of different ways, either used during auto-mitigation for the customer, or used later by the SOC to manually create mitigation events for the customer.
One of our recent enhancements is to make these IP Filter Lists visible to customers in the UltraDDoS Portal. You can find them on the Landing Page by navigating to Configuration > Filter Lists. There you will find that several types of lists are supported:
- Deny/Allow Filters Lists are configurable lists consist of FCAP specifications to drop or pass traffic without additional scrutiny. FCAP syntax allows complex filtering based mostly on IP header and TCP/UDP/ICMP header information with full and/or/not logic, nested elements, and intermixed drop and pass filter statements. Vercara’s DDoS service leverages an extended version of the standard FCAP expression language used by programs such as tcpdump.
- IP Address Drop/Pass Filter Lists are used to define which traffic by IP address prefix (in CIDR notation) should be dropped or passed by a mitigation.
- IP Location Filter Lists are used to define which traffic should be passed or dropped based on the source country of the IP Address, using ISO3166 2- or 3-character codes for country identification.
As a best practice, we recommend customers review these lists monthly based on your recent mitigations and latest threat intelligence and requests updates as needed.
Discover the power of UltraDDoS Protect.
Ready to discover how these new features can help you secure your online experience? Contact your account manager or reach out to our sales team for a free demo!
