    RamNull DDoS Mitigation

    Understanding RamNode's automated DDoS protection system

    What is RamNull?

    RamNull is our customized DDoS mitigation system. RamNull automatically nullroutes targeted IPs when an attack exceeds our filtering capacity, protecting our network infrastructure while the attack is ongoing.

    How RamNull Works

    1. Attack Detection

    Our monitoring systems continuously analyze network traffic. When an IP address receives traffic that exceeds normal thresholds or filtering capacity, RamNull is triggered.

    2. Automatic Nullroute

    The targeted IP address is automatically nullrouted, meaning all traffic to that IP is dropped at our network edge. This protects our infrastructure and other customers from collateral damage.

    3. Automatic Removal

    RamNull monitors the situation and automatically removes the nullroute once the attack subsides. This typically occurs within 1-4 hours but can vary based on attack persistence.

    What Happens When You're Nullrouted

    During Nullroute

    • Your IP address becomes completely unreachable
    • No traffic (legitimate or malicious) can reach your server
    • Services hosted on that IP will be offline
    • Other IPs on your account are not affected

    Notification

    When RamNull engages, you'll typically receive an email notification. The email will include:

    • The nullrouted IP address
    • Time the nullroute was applied
    • Reason (DDoS attack)
    • Expected duration (automatic removal when attack stops)

    What to Do If You're Nullrouted

    Option 1: Wait for Automatic Removal

    In most cases, the best option is to wait. RamNull will automatically remove the nullroute once the attack stops. This usually takes 1-4 hours.

    Option 2: Request IP Change

    If you need immediate access, you can open a support ticket to request a new IP address. Note that if the attacker follows you to the new IP, it may also be nullrouted.

    Option 3: Upgrade to Filtered IP

    For better protection, consider upgrading to a DDoS-filtered IP address (available in Atlanta, New York, and Los Angeles). These IPs have higher attack mitigation capacity.

    Preventing Future Attacks

    • Use DDoS-filtered IPs for critical services
    • Implement proper security to prevent compromises
    • Use Cloudflare or a similar CDN to hide your origin IP
    • Don't share your IP unnecessarily in public forums
    • Resolve conflicts that may lead to attacks
    • Monitor for vulnerabilities and patch promptly

    Checking Nullroute Status

    You can check if an IP is nullrouted by trying to ping it or by contacting support. The nullroute is applied at the network level, so you won't see it in your VPS configuration.
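
    A failed ping on its own is ambiguous, so the following added example (not RamNode's own tooling) probes the IP from an outside machine with both ICMP and TCP and compares it against a control host. The control address, the default port 22, and all function names are assumptions; the script expects Linux iputils `ping`, coreutils `timeout`, and `bash`.

```bash
#!/usr/bin/env bash
# Added example: run from a machine OUTSIDE the provider's network,
# because the nullroute is applied at the network edge, not on the VPS.

# Exit 0 if at least one ICMP echo reply comes back (2 s wait per probe).
probe_icmp() {
    ping -c 3 -W 2 "$1" >/dev/null 2>&1
}

# Exit 0 if a TCP handshake to IP:PORT completes within 3 seconds.
# IP and port are passed as arguments, never spliced into the command string.
probe_tcp() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# classify TARGET_ICMP TARGET_TCP CONTROL_OK   (each "yes" or "no")
#   reachable    - some traffic still arrives, so the IP is not nullrouted
#   inconclusive - the control host is unreachable too: check your own link
#   unreachable  - consistent with a nullroute, but also with a stopped VPS
#                  or a firewall dropping both probes; confirm with support
classify() {
    if [ "$1" = yes ] || [ "$2" = yes ]; then
        echo "reachable"
    elif [ "$3" = no ]; then
        echo "inconclusive"
    else
        echo "unreachable"
    fi
}

# check_nullroute TARGET_IP CONTROL_IP [TCP_PORT]
# CONTROL_IP is any address known to be up, e.g. another IP on the account
# (other IPs on the account are not affected by the nullroute).
check_nullroute() {
    target="$1"; control="$2"; port="${3:-22}"
    t_icmp=no; t_tcp=no; c_ok=no
    if probe_icmp "$target"; then t_icmp=yes; fi
    if probe_tcp "$target" "$port"; then t_tcp=yes; fi
    if probe_icmp "$control" || probe_tcp "$control" "$port"; then c_ok=yes; fi
    echo "$target: $(classify "$t_icmp" "$t_tcp" "$c_ok")"
}

# Only probe when called with arguments: ./check.sh TARGET CONTROL [PORT]
if [ "$#" -ge 2 ]; then
    check_nullroute "$@"
fi
```

    An "unreachable" result that coincides with a RamNull notification email for the same IP is the strongest indication available without contacting support.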

    Important Notes

    • RamNull is automatic and protects the entire network
    • Manual nullroute removal is generally not available
    • Repeated attacks may result in extended nullroute periods
    • This is a last resort when filtering cannot handle the attack