DDOS MITIGATION

Intelligent DDoS Mitigation

Block large-scale DDoS attacks in real-time with 200+ Tbps filtering capacity. Protect your business with Near-Zero TTM.

Mitigate large-scale attacks and sophisticated attacks.

Through Always-On, Inline DDoS Mitigation, achieve near-zero TTM (Time to Mitigation)with immediate response. Protect your infrastructure from DDoS attacks through a global edge network connected to G-Core and GSL Network, using real-time Packet-Level authentication technology instead of traditional threshold-based methods.

Core Performance Metrics

LARGEST ATTACK
2.1 Tbps
MAX ATTACK

Largest Attack Mitigated

PacketStream’s global defense infrastructure has successfully mitigated DDoS attacks peaking at 2.1 Tbps.

FILTERING
200 Tbps
CAPACITY

Edge Filtering Capacity

Through G-Core and GSL Network filtering layers, the total edge filtering capacity exceeds 200 Tbps.

EDGE POP
210
POP

Edge Filtering Locations

More than 210 edge PoPs worldwide provide distributed DDoS filtering, blocking attacks close to their origin to minimize latency and maximize mitigation efficiency.

PROTECTED
10K+
IPv4

Protected IPs

Over 10,000 IPv4 addresses are continuously protected under PacketStream’s adaptive defense system, ensuring high availability through per-IP traffic analytics and custom mitigation policies.

Real-Time Packet-Level Authentication

Moving beyond traditional threshold-based methods, authenticate all packets in real-time at near Line Rate speed. Verify packet validity rather than traffic volume to immediately block sophisticated attacks.

Threshold-Free Protection

Packet-Level authentication without traffic thresholds

Line Rate Authentication

Real-time validation at network speed level

Low False Positive

Minimize false positives for normal traffic

Traditional
Threshold-Based

Difficulty detecting sophisticated attacks only when thresholds are exceeded

PacketStream
Packet-Level Auth

Real-time authentication of all packets blocks sophisticated attacks immediately

Intelligent DDoS Mitigation Engine without Blind Spots

Adaptive Stateful Filtering Engine is PacketStream's core DDoS mitigation technology that operates based on real-time traffic state and attack patterns. Instead of relying on static rules or signatures, it continuously adjusts filtering logic to match the changing attack environment.

ENGINE ARCHITECTURE
Input
Inbound
Traffic
Real-time
Telemetry
Adaptive Stateful Filtering Engine
01
State Tracking

Flow/Connection state, structural separation of normal and attack traffic

02
Pattern Analysis

Protocol behavior analysis, normal traffic baseline learning

03
Adaptive Filter

Real-time policy enforcement, auto-correction, minimize false positives

Output
Clean
Traffic
Blocked
Attack

Protect all protocols from L3/L4 to L7

Instead of simply protecting the L3/L4 network layer, PacketStream authenticates and validates the protocol itself at the L7 application layer in real-time. By learning the unique characteristics and normal behavior patterns of each protocol, it blocks sophisticated attacks that exploit protocols.

L3/L4

Network Layer

Block volumetric attacks and protocol abuse at IP, TCP, UDP level

TCPUDPICMPGREESP
L7

Application Layer

Validate normal behavior of application protocols like HTTP, TLS

HTTPTLS 1.2/1.3SSHRDPFTP
CUSTOM

Custom Protocols

Custom filtering for specialized protocols like game servers, VoIP

RakNetSource EngineTeamSpeak 3Custom UDP
WEB & APPLICATION

Web & Application

HTTP
Web traffic protection
TLS 1.2/1.3
HTTPS encrypted connection validation
SSH
Secure shell / SFTP protection
RDP
Remote desktop (TCP/UDP)
FTP
File transfer protection
DNS
DNS query protection
NTP
Time-sync protection
ICMP
Ping / control message filter
General TCP
Generic TCP applications
General UDP
Generic UDP applications
VPN & TUNNELING

VPN & Tunneling

OpenVPN
OpenVPN tunnel protection
WireGuard
Next-gen VPN protocol
IPsec / ESP
IPsec payload protection
GRE
Tunnel encapsulation protection
GAMING & VOIP

Gaming & VoIP

TeamSpeak 3
Voice server protection
Plasmo Voice
Minecraft voice mod
Source Engine / A2S
Valve game servers
Source Engine 2 / A2S
Next-gen Source engine
CS:GO
Counter-Strike
Left 4 Dead 2
Co-op FPS
FiveM
GTA multiplayer
AltV
Alternative GTA multiplayer
Multi Theft Auto
GTA classic multiplayer
San Andreas Multiplayer
GTA:SA multiplayer
RakNet
RakNet game engine
Rust
Survival game
Minecraft Bedrock
Minecraft Bedrock
Terraria
2D sandbox
7 Days to Die
Zombie survival
Minecraft Java
Minecraft servers
ARK: Survival Ascended
ARK remastered
ARK: Survival Evolved
ARK original
DayZ
Zombie survival
Palworld
Palworld servers
Hurtworld
Survival game
The Isle
Dinosaur survival
Path of Titans
Dinosaur survival MMO
Factorio
Factory automation multiplayer
Longvinter
Open-world survival
SCP: Secret Laboratory
Co-op horror
Arma Reforger
Military simulation
Tibia
Classic MMORPG
In addition to the protocols listed above, we support various custom protocols.
Custom Protocol Support

3-Tier Defense Architecture

Effectively mitigate DDoS attacks of all sizes through a 3-tier layered defense system from edge to origin.

01
EDGE LAYER

Edge Scrubbing

Perform first-line traffic analysis at edge locations in 210 PoPs worldwide to immediately block obvious attack patterns. Distribute attack traffic to the nearest scrubbing center through BGP Anycast routing.

02
ANALYSIS LAYER

Deep Analysis & Mitigation

An AI-based machine learning engine performs deep analysis on suspicious traffic to detect sophisticated attack patterns. Through behavioral analysis, it identifies and automatically generates mitigation policies for Zero-Day attacks in real-time.

03
DELIVERY LAYER

Clean Traffic Delivery

Ensure 100% availability by delivering only legitimate, clean traffic to origin servers. Continuously monitor for residual threats and respond in real-time.

Deployment Scenarios

Choose the optimal deployment method that fits your business requirements and infrastructure environment.

Always-On

DEFAULT

All traffic always routes through PacketStream for real-time protection. Achieve Near-Zero TTM with immediate mitigation upon attack.

Near-Zero TTM
Real-time Analysis
Automatic Mitigation
Performance Optimization

On-Demand

Use Direct connection during normal operation, automatically route traffic to PacketStream upon attack detection.

Cost Efficiency
Automatic Switching
BGP Routing
Flexible Operation

On-Premise

Install DDoS defense equipment in on-premise environment to implement hybrid protection. Enable large-scale attack response by integrating with cloud.

Hybrid Defense
Data Sovereignty
Cloud Integration
Custom Policies

Protect Your Business from DDoS Attacks

Start real-time protection with PacketStream DDoS Mitigation