Orange Jordan Distributed Denial-of-Service (DDoS) Detection and Mitigation Solution is an IP based threat(s) monitoring, mitigation and control solution that enhances web services availability and performance through guarding against eminent DDoS attacks. Distributed Denial-of-Service (DDoS) attack is one of the most critical and challenging threats impacting businesses today.

DDoS mitigation center consists of platforms, devices, tools, software and human resources that monitor, detect, and mitigate Distributed Denial of Service (DDoS) attacks on networks connected to the Internet through Orange Jordan network.

Distributed Denial-of-Service(DDoS) Offers

Distributed Denial-of-Service(DDoS) table

Packages Volumetric Network Protection Internet Access bandwidth Number of mitigated attacks per month Attack time duration Number of IPs to 24/7/365 monitoring SOC Alerts & Notifications Clients web access & Reporting
Bronze 1 Gbps Unlimited* 4 Attacks 12 hours 2
Silver 3 Gbps Unlimited* 8 Attacks 12 hours 4
Gold 5 Gbps Unlimited* 10 Attacks 12 hours 8


Multi-Layer defense
Handles known DDoS attack vectors – Volumetric
IP reputation and Botnet activity is filtered at the perimeter
Technical Details

The solution architecture consists of multiple layers of devices and mechanisms managed by specialized highly trained team.


1. Anomaly behavior Analysis: A pattern of traffic behavior is  applied for each protected object including every protocol; this threshold specifies how many packets per second or  overall bandwidth upper limit and the nature of the traffic. Traffic not matching threshold behavior can be a DDoS attack.

2. Anomalies profiling: customer traffic is monitored over a period of time with which a traffic baseline is built. Based on this baseline, if the traffic exceeds a customizable percentage then it can be a DDoS attack.

3. The flow Analyzer monitors the traffic at the IGW routers to detect possible DDoS attacks. Monitoring is done via SNMP, BGP, and traffic flow information received from the IGW routers. It monitors traffic from core/edge routers via netflow/Jflow (for example) to detect possible attacks in the network. It has BGP Peering with selected routers to monitor BGP route updates. It also gets flow and SNMP information from these routers.

4. The Threat Management System: mitigates DDoS traffic by filtering malicious attack traffic and only allowing legitimate traffic to pass to the target destination.

5. Once an attack is detected, the TMS is notified by the Flow Analyzer, where a specific BGP route is injected carrying malicious traffic to the TMS. Only traffic under attack is redirected to TMS to avoid latency and insure maximum security.

6. All other traffic that is not affected is routed as normal. Traffic passing the TMS will be cleaned (“scrubbed”) by applying several countermeasures – this effectively mitigates DDoS traffic, while allowing legitimate (clean) traffic to pass towards the original destination.

7. Scrubbed traffic is diverted through the egress interface of the TMS.

8. The packet that leaves the TMS contains the clean IP packets.

9. Traffic to destination follows best routing path.

10. Security Analytics: gives customers a detailed view of the attacks. It allows security analysts to analyze data in real time. Powerful visualizations display data from multiple perspectives (attacker, target, location or attack type). enabling security analysts to quickly assess the security posture of the organization.

This managed service mitigates the following types of attacks:

  • Volumetric stream saturation attacks (flood attacks).
  •  State Exhaustion Attacks (protocol attacks).
    Sample Flood Attack Types Attack Vector
    SYN and ICMP floods Network / State-exhaustion
    UDP Floods Network / Volumetric
    TCP Null Network probing
    TCP RST Connection disruption
    SSL renegotiation Low-and-slow

    Availability: The percentage of up time that the mitigation service is available as per contractual terms.

    Protocol Attacks: a flood attack occurs when a host sends a flood of packets, often with a fake sender address. Each of these packets are handled like a connection request, causing the server to spawn a half-open connection, by sending back a packet (Acknowledge), and waiting for a packet in response from the sender address (response to the ACK Packet). However, because the sender address is spoofed, the response never comes. These half-open connections saturate the number of available connections the server can make, preventing it from responding to legitimate requests until after the attack ends.

    Volumetric Attack (Layer 3 / 4) DDoS attacks

    The majority of DDoS attacks focus on targeting the transport and network layers. These types of attacks are usually comprised of volumetric attacks that aim to overwhelm the target bandwidth to congest the links to render the resources to be unavailable. Malicious traffic can use several protocols especially the UDP since that UDP is less compliant with security protocols than TCP.

    Time to detect the attack: the time needed to determine if a target is under attack in order to start mitigation process.

    Time to initiate the Mitigation: the time needed to initiate mitigation process.


Comprehensive solution : End to end service
24x7x365 monitoring: Team of skilled security experts to monitor traffic and infrastructure, available round the clock to mitigate threats
No need to have security team at customer network