In our network we use the shields with enabled DDoS protection. This protection is covering all VPS, Hybrid, Dedicated servers. WP Hosting services are covered by DDoS protection and specially designed WAF (Web Application Firewall). Protection Juniper hardware
DDoS attacks recognition
Attack recognising is based on analysing of the amount of traffic (number of packets) which pass the core network switches. Filtering rules analyse incoming/outgoing traffic and recognise the type of attack. How does it works? In case of UDP flood with 500k pps filter marking this traffic as green and native. But in case for 500k SYN packet, this traffic marked as potentially toxic. DDoS protection tools are filtering and detecting patterns to provide clean in/out traffic in the entire network.
For well-known DDoS patters we have already configured bare-level filters. Fixed filters are checking for DNS reflection, NTP reflection, and UDP floods on port 80.
Pro-active monitoring
Pro-active monitoring tools are filtering SYN floods, DNS floods, and invalid packets. As these filters are smart by nature, they could be easily and immediately re-configured to any unknown type of attack. Adjusting network filtering allow us to protect all resources in the network.