Features

Advanced DDoS Protection Capabilities

FastPPS AntiDDoS combines high-performance packet processing with adaptive detection technologies to mitigate modern multi-vector DDoS attacks.

Architecture

  • L3–L7 DDoS Protection

    FastPPS detects and automatically mitigates DDoS attacks across OSI Layers 3–7. The platform includes more than 50 countermeasures based on multiple protection mechanisms, including challenge-response, rate-based filtering, regular expression matching, validation, traffic limiting, IP lists, and application behavior analysis.

  • BGP and BGP FlowSpec

    FastPPS supports interaction via BGP and BGP FlowSpec for traffic redirection to scrubbing systems, upstream signaling, and blackhole announcements. Each instance operates as an independent BGP speaker with automatic withdrawal of announcements in case of filtering node failure.

  • Service Creation and Flexible Role Model

    FastPPS enables the deployment of managed DDoS protection services. Traffic segmentation allows independent filtering policies for individual customers. A flexible role-based access model and password management policies are supported.

  • Auto-detection

    FastPPS includes built-in automatic activation and deactivation of protection mechanisms based on configurable thresholds for both inline traffic and Flow collector data. Independent threshold configuration and response timing are supported for each protection policy.

Deployment and Infrastructure

  • Flow Collector Support

    Enables attack detection and protection activation for individual policies without permanent traffic redirection through FastPPS. The system also provides real-time and historical traffic statistics visualization.

  • WAF Integration

    Traffic from protected services can be redirected to a Web Application Firewall for additional inspection and analysis. Redirection parameters can be configured individually for each protection policy.

  • REST API

    The REST API enables integration with external security and monitoring systems and supports full automation of management operations.

  • Docker

    The software is delivered as a set of Docker containers. System updates can be performed using only a few commands.

Mechanisms and Countermeasures

  • TCP Protection for Asymmetric Traffic

    To mitigate TCP attacks when only inbound traffic is visible, FastPPS applies widely accepted validation techniques, including TCP session resets and sequence number verification using different flag combinations.

    In addition to standard protection mechanisms, a unique ISN synchronization mode is available, allowing asymmetric traffic protection without unnecessary packet exchange or client session interruption.

    Host-level protection can be activated only for attacked servers, minimizing impact on other services.

  • TCP Protection for Symmetric Traffic

    FastPPS supports SYN proxy (TCP splicing) protection when outbound traffic from protected resources passes through the mitigation system.

  • TLS Protection

    FastPPS protects TLS-based applications without traffic decryption by analyzing TLS parameters and JA3 fingerprints. Combined with additional countermeasures and web server log analysis, this approach provides highly effective protection against encrypted-layer attacks.

  • Protection of Specific Protocols

    FastPPS includes countermeasures allowing administrators to define expected behavior patterns of protected protocol traffic and configure sender authentication rules.

Audit and Logging

  • Syslog Drops

    FastPPS can generate syslog messages for each dropped packet according to selected countermeasures and protection policies, enabling further analysis within SIEM systems.

  • Incidents

    FastPPS maintains detailed logs of traffic anomalies identified as attacks. Periodic incident reporting within protection policies is supported, along with subscriptions to system event notifications.

  • PCAP

    FastPPS supports both manual and automatic traffic dump collection and can deliver PCAP files via email, Telegram, or external file storage systems.

  • sFlow

    FastPPS can export sFlow data for both inbound and outbound traffic using configurable sampling rates.

UX

  • Easy Management

    A single interface screen is used for configuring countermeasures and monitoring their effectiveness without switching between multiple web interface pages.

  • Bulk Changes

    Administrative actions can be applied simultaneously to multiple protection policies.

  • Dashboards

    The FastPPS web interface allows creation of customizable dashboards with configurable widgets containing graphs and statistics, enabling operators to quickly switch between monitoring views and operational tasks.