DDoS Protection
High-performance DDoS protection
3.2 Tbps Arbor continuous protection from Netscout, automated, real-time, and included at no extra cost. Your infrastructure stays online even during an attack.
Real-time filtering
Attacks are detected and filtered within a few milliseconds. No null-routing, your server stays continuously reachable.
Automatic detection
Continuous protection runs permanently in the background, no configuration required. All attack patterns are detected automatically and filtered 24/7.
Layer 3 to Layer 7
Botnet, flood (ICMP, DNS amplification, TCP/UDP), SYN, fragmentation and HTTP/S flood attacks: every attack pattern is detected and filtered instantly.
Specialized for gaming
Precisely tuned for Minecraft, FiveM, CS:GO, Rust, Arma, Valheim, Teamspeak and more, with minimal latency so your players stay connected.
Included free of charge
Enabled on every KernelHost server package at no extra cost. No separate protection tiers, no hidden fees, simply included.
Emergency support
Under attack at your current provider? Contact us for a fast migration, we'll pull you out of the fire.
Arbor always-on DDoS protection
No matter how many or which attack patterns hit: Arbor DDoS protection filters them all out.
The protection is developed and adapted daily to detect new attack patterns. It runs continuously and automatically on all root servers, game servers, and web servers.
Emergency: is your project currently under a DDoS attack?
Reach us via ticket or WhatsApp emergency chat at +43 650 8209883. We'll help immediately.
DDoS Protection: Frequently Asked Questions
What is DDoS protection?
DDoS (Distributed Denial of Service) protection is a security system that detects and filters malicious traffic before it reaches your server. It analyses incoming data packets in real time and blocks attack traffic while allowing legitimate users to connect normally. Without DDoS protection, a targeted attack can overwhelm your server's network connection and take it offline.
How does permanent DDoS protection work?
KernelHost uses Arbor DDoS permanent protection, which is always active, not just triggered when an attack is detected. All traffic passes through the Arbor scrubbing infrastructure 24/7, where attack patterns across Layer 3 to Layer 7 are identified and filtered within milliseconds. This ensures zero reaction delay and no disruption to normal server operation.
Is null-routing used during a DDoS attack?
No. KernelHost does not null-route IP addresses during DDoS attacks. Null-routing means blocking all traffic to your IP, which effectively takes your server offline. Instead, our Arbor permanent protection filters out attack traffic while keeping your server online and accessible throughout the attack.
Does the DDoS filter add latency?
Arbor DDoS filtering adds no latency to your traffic. The filtering is performed at hardware level directly within the network infrastructure, with no measurable impact on ping times. Ideal for gaming applications where every millisecond counts.
Does KernelHost protect against Layer 7 attacks?
Yes. The Arbor DDoS protection at KernelHost filters all attack patterns from Layer 3 through Layer 7 in real time. Layer 7 (application-layer) attacks such as HTTP floods, DNS query floods, and SIP invite floods are identified and blocked within milliseconds without disrupting legitimate traffic.
Is there specialised gameserver mitigation?
Yes. KernelHost's Arbor permanent protection includes dedicated gameserver mitigation logic for UDP-based game protocols used by Minecraft, FiveM, CS:GO, Ark, Rust, Valheim and others. Attack packets are filtered while legitimate player traffic passes through unaffected. Voice servers such as TeamSpeak are fully covered as well.
How quickly are DDoS attacks detected and filtered?
Because KernelHost operates a permanent (always-on) protection, there is no detection delay. All traffic is continuously routed through the Arbor scrubbing infrastructure 24/7. Attack packets are identified and removed within milliseconds, with zero downtime for your server.
