Skip to content

About GLAD

This document will explain the following:

  • What is GLAD?
  • What is a DDoS attack?
  • How DDoS attacks can impact services
  • Explanation of the product and its features
  • Overview of product packages

What is GLAD?

GLAD (Global Low-Latency anti-DDoS protection) is a collection of in-house tools that we offer at i3D.net, that can prevent, detect, and thwart a strike. It's important to understand what is meant by a "strike" and what strikes can do to disrupt services, and how our GLAD product can deter such attacks. For more information about how attacks work, read the paragraph below.

What is a distributed denial-of-service attack (DDoS)?

It's a malicious cyber attack in which a large number of compromised (infected with malware/virus) computers, often referred to as "botnets," are used to overwhelm a target system such as a network or website with an excessive amount of traffic. The malicious actor's goal of a DDoS attack is to make the targeted service unavailable to its intended users by flooding it with so much traffic that it becomes unable to handle legitimate user requests, which causes a disruption of service.

The attacker first gains control over a network of compromised devices. These devices can include computers, servers, and more which are usually infected with malware. Once the attacker has control over this botnet, they orchestrate a coordinated attack.

The attacker then directs the botnet to send a massive volume of traffic towards the target system or network. This flood of traffic can come in various forms, such as HTTP requests or even legitimate-looking requests that are specifically designed to exploit vulnerabilities in the target's infrastructure.

As a result, the infrastructure becomes overwhelmed by the flood of incoming requests. In turn, legitimate user requests struggle to get through because the resources are tied up in handling the malicious traffic.

How DDoS attacks impact services

As the target system's resources get consumed by the attack, its performance starts to degrade. It may become slow, unresponsive, or even crash completely. In severe cases, the targeted service may go offline entirely, resulting in a denial of service for legitimate users. That's where our GLAD services come in to thwart such attacks to your infrastructure.

GLAD features / tools

Below is an explanation of our i3D.net's GLAD's tooling and how each functionality can help to thwart DDoS attacks.

What's included in the Basic package

1. Default ACL (Access Control Lists) on VLAN

Preset Access Control Lists ( ACL ) rules that protect against diverse attack types, such as DNS (Domain Name System) and/or UDP attacks. The rules are consistently updated and maintained throughout to ensure ongoing security.

2. Automatic detection and auto null route

With automatic detection, it will discover incoming DDoS attacks. Once an attacker network is detected, this service blocks all traffic from it. Also, null routing silently discards (or "drops") malicious incoming traffic. The undesired traffic is directed to a route that goes nowhere, protecting the infrastructure. Null routing renders the target server inaccessible to anyone, including clean traffic.

What's included in the Advanced package:

(Advanced also includes the features from the Basic package above.)

1. Custom ACL (Access Control Lists) on VLAN

With this feature, you can preset their own ACL rules to protect against most of attack types. For example, they can set the specific ports, protocols, IP addresses that need to be protected from attacks.

2. Rate limit

If it is not certain if a network or IP is a risk, it can be set to receive a limited amount of traffic from a certain destination.

What's included in the Premium package:

(Premium also includes the features from the Advanced and Basic packages above.)

1. Warden

For unparalleled anti-DDoS protection, Warden is our custom software that filters traffic on a dynamic whitelist furnished by the customer. Its capabilities provide inline filtering, which allows you to achieve a higher level of specificity and detail when filtering their traffic stream.

In other words, only IPs explicitly listed in the whitelist can pass through. One of the key advantages of Warden is its ability to operate without introducing latency. By bypassing the operating system (OS) and directly receiving traffic through the network interface card (NIC), Warden offloads the filtering process from the OS, ensuring efficient and high-performance filtering.

Warden is designed to be flexible and adaptable. New features are continuously added whenever technically feasible, enabling you to benefit from the latest advancements in traffic filtering technology. In the event of server failures, Warden follows a fail-open system. If two servers fail, instead of blocking traffic, Warden allows all traffic to pass through. This ensures that your network remains operational even in challenging situations.

Warden also supports Active-Active setups, allowing horizontal scaling. This means you can expand the capacity of your filtering infrastructure by adding more instances of Warden, distributing the workload, and ensuring scalability.

Warden allows you to specify IPs (through API) to whitelist or blacklist at line rate speeds and takes effect within seconds of adding the IP to the specified lists.

2. Byte matching

Byte matching is a technique used to identify and filter out malicious or undesirable traffic from incoming network packets based on specific byte patterns. Customers can tailor specified signatures. As a result, it blocks the bytes that are not supposed to enter the network by taking appropriate actions to safeguard the targeted infrastructure.

3. API support

This feature allows you to be able to tailor their own protection as needed by managing protection profiles and white/black-lists through API.

Product packages overview

Below is an overview our product packages and what features are included.

Features Basic Advanced Premium
Default ACL on VLAN X X X
Automatic detection and auto null route X X X
Custom ACL on VLAN X X
Rate limit X X
Warden X
Byte matching X
API support X