Terabit
DDoS mitigation

Built for real-world attacks

DDoS protection built for game traffic,
included by default.

Terabit uses a layered mitigation model with 500+ Tbps volumetric capacity via upstream partners and 13+ Tbps stateful in-house filtering, so game servers and dedicated workloads stay stable under attack.

0+ Tbps

Volumetric capacity

Absorbs high-volume floods before attack traffic reaches your origin.

0+ Tbps

Stateful filtering

Filters game and protocol traffic precisely with low collateral disruption.

0/7

Human support

Dedicated mitigation engineers monitor attack behavior and network health around the clock.

0+ PoPs

Global edge reach

Distributed ingress and scrubbing locations provide resilient coverage and low-latency paths.

Key features

What keeps traffic clean and stable

Built for communities and businesses that care about uptime, attack resilience, and fast response to attack leakages when they happen.

Anycast edge ingestion

Distributed ingress across 13+ PoPs absorbs attacks at the nearest edge before origin impact.

Automated inline mitigation

Always-on detection and filtering with sub-second response so protection stays active during live traffic.

Live attack telemetry

Real-time dashboards with per-packet visibility, bandwidth graphs, and event timelines.

Dedicated Mitigation NOC

Engineers monitoring network health and DDoS capacity around the clock.

Fast time-to-mitigate

Always-on scrubbing and stateful filtering reduce response delay during active incidents.

Multilayer protection

L3/L4 volumetric scrubbing paired with L7 application-aware filtering for full-stack defense.

Built-in server protection

Your protection is included from day one.

Every Terabit.io game server and dedicated server includes the same mitigation core by default, so you can launch quickly without configuring a separate add-on.

Browse protected services

Pick the server type you want to deploy.

Start with ready-to-launch hosting and get the same mitigation posture across your services from the first minute.

What you get by default

  • DDoS mitigation is included across game servers and dedicated services with no extra add-on
  • Game-aware filtering tuned for latency-sensitive traffic and protocol stability
  • Real-time dashboards for attack events, clean-vs-malicious ratios, and traffic health
  • Built-in firewall controls and configurable webhooks for incident operations

How it works

Mitigation pipeline

Inbound traffic is separated through volumetric scrubbing and stateful filtering before it reaches protected origin services.

Global Internet

Inbound traffic

All traffic enters through global anycast ingress points.

L3/L4 Protection

Volumetric scrubbing

High-volume floods absorbed at edge capacity tiers.

L7 Protection

Stateful filtering

Protocol-aware inspection removes evasive attacks.

Clean Traffic

Protected origin

Only validated traffic reaches your infrastructure.

Real-time attack monitoring dashboard

Real-time monitoring

Track attacks as they happen

Investigate attack behavior in real time from one timeline, including mitigation effectiveness, traffic quality, and incident progression.

  • Live bandwidth and packet-rate graphs
  • Per-attack event timeline and classification
  • Inspect packet headers and payloads in real-time

Granular control

Firewall manager

Running mixed protocols or regional communities? Create precise allow and deny rules, filter by geography, and apply mitigation profiles from one interface.

  • Allow and deny rules for TCP, UDP and other protocols
  • Allow and deny rules for geographical sources
  • Apply specialized mitigation profiles to ports for complete protection against generic and protocol-specific attacks
Firewall manager interface with protocol and geo-based rules

Threat coverage

Attack families covered

Coverage across common volumetric vectors and game-specific protocol abuse patterns.

Volumetric DDoS

  • TCP Flood
  • ACK, PSH, SYN, RST, URG, etc.
  • UDP Flood
  • GTP Flood
  • ESP Flood
  • ICMP Flood
  • Ping of Death
  • Teardrop/Reflected, etc.

Reflective & Amplification

  • NTP Amplification
  • SSDP/UPnP
  • QUIC
  • Chargen
  • SNMP
  • Fraggle Attack/DNS
  • DNS Amplification
  • LDAP
  • RIP
  • TFTP
  • Memcached

Resource Exhaustion

  • Malformed and Truncated Packets
  • IP Fragmentation
  • Invalid TCP flag attacks
  • Bad Checksums
  • Bogus TCP/UDP Flags
  • Invalid TCP/UDP Ports
  • Reserved IP Addresses

Gaming

  • A2S Source Flood
  • A2S GETSUM
  • FiveM Exhaustion
  • HTTP Slowloris
  • TERRA/EST
  • Handshake Abuse
  • NetBIOS

Volumetric floods

UDP, TCP, ICMP, DNS amplification, NTP reflection, memcached abuse, and similar edge-saturating traffic profiles.

Protocol attacks

SYN floods, fragmented packets, LAND variants, and state exhaustion attempts handled through stateful inspection.

Application layer abuse

HTTP floods, slowloris, RUDY, and related L7 pressure managed through challenge, fingerprinting, and rate control.

Game protocol attacks

Source queries, Minecraft handshake abuse, FiveM state attacks, and other game-aware threats Terabit sees routinely.

Zero-day patterns

Rapid custom filter response for novel or emerging traffic patterns before they turn into recurring outage vectors.

Botnet campaigns

Traffic sourced from distributed compromised hosts with mixed signatures and behavioral adaptation over time.

Deployment fit

Choose the model that matches operational ownership.

Both options run the same mitigation core. Pick the model that matches your routing control and team responsibilities.

Remote Mitigation

$950/Gbps/mo

B2B remote mitigation for operators who want global anycast routing and clean traffic delivery via GRE or direct tunnel.

13+ PoPs4 continentsZero added latency

Best for

Hosting and network providers that need fast onboarding and global edge absorption without building an in-house mitigation stack.

Operational ownership

Terabit operates routing and mitigation workflow while your team controls origin stack.

  • Automatic nearest-PoP routing
  • Deploy in minutes via GRE or BGP
  • GRE tunnels or direct cross-connect
  • Real-time attack dashboard and API

On-Premise / Whitelabel

$1,250/mo

B2B on-premise and whitelabel deployment with zero added latency and full branding control.

Zero added latency100% data sovereigntyCustom branding

Best for

Infrastructure operators that require strict environment control, data locality, and custom operational workflows.

Operational ownership

Your environment keeps full network proximity while Terabit mitigation logic runs under your model.

  • Use Terabit appliances or your own hardware
  • Traffic stays on your network
  • Full API and management access
  • Dedicated engineering support

Not sure which model fits your provider traffic profile? Share your attack history and we will map the safer deployment path with you.

What customers say

Trusted by gaming, bare metal, and infrastructure teams

Terabit's response during an active attack was night-and-day compared to other providers. Their team was hands-on within seconds and had custom filters deployed before we could even file a ticket.

A

Alex K.

Infrastructure Lead, Gaming Platform

We migrated from a generic enterprise DDoS solution and immediately saw fewer false positives on our game traffic. The difference in TTM alone paid for itself.

J

Jordan M.

CTO, Hosting Provider

Why Terabit

Built for sensitive workloads.

Gaming-first DNA

In-house stateful filtering tuned for games, custom protocols, and latency-sensitive apps.

Massive volumetric headroom

500+ Tbps of upstream scrubbing capacity absorbs even the largest floods before they reach your network.

Live incident response

Direct engineering response during active attacks — no canned escalation loops.

FAQ

Answers before you commit

Quick answers to common questions from server buyers and infrastructure operators.

How quickly can protection be deployed?

For hosted game servers and dedicated products, mitigation is already built into the service. For remote mitigation, rollout timing is usually instant with the use of self-serve capabilities in our portal, but can take longer if manual intervention is required for complex configurations and specific routing requirements.

Will mitigation add noticeable latency for players?

No. Our mitigation is designed with latency in mind, and due to it being in-house, there are no extra hops needed between you and your server as such. However, Remote Mitigation (GRE) customers will have an extra hop to the nearest scrubbing center where the tunnel terminates.

Do you cover both volumetric and application-layer attacks?

Yes. We use a layered protection model with 500+ Tbps volumetric capacity (for absorbing massive floods) and 13+ Tbps stateful in-house filtering for protocol and application-layer threats that are designed to bypass mitigation techniques.

Who is remote mitigation and on-premise for?

Remote Mitigation is for customers that want fast onboarding to our network from an external network or hosting environment, while On-Premise / Whitelabel is for hosting providers and network operators that want to run our mitigation stack within their own environment and maintain full control over routing and network configuration.

DDoS Protection per game

Mitigation tuned to your game.

Pick a game to see how Terabit's game-aware filters compare to OVH, Hetzner, Nitrado, and other generic hosts.

Ready to beat DDoS attacks once and for all?

Pick your preferred deployment path.

You can either start with our affordable and equally protected game and dedicated services, or have a chat with our team if you need business services such as Remote Mitigation (via GRE) or On-Premise / Whitelabel.