Every day, thousands of digital threats travel across the internet, searching for vulnerabilities in corporate networks. Many of them never reach their destination because there is technology designed to filter them out before they even knock on the door.
That technology is called Clean Pipes.
What is Clean Pipes?
Simply put, Clean Pipes is a traffic filtering service that cleans a company’s internet connection before it reaches its network.
Imagine a pipe through which all internet traffic flows to your business. Without protection, all kinds of things come through that pipe: legitimate information, but also malware, automated attacks, and malicious traffic. Clean Pipes acts as a high-precision filter that analyzes everything that comes in and lets only clean, legitimate traffic through.
The result is a more secure network, without your team having to intervene in every threat.
How does it work?
The process occurs automatically and in real time, before traffic reaches the company’s infrastructure.
1. Traffic Monitoring
Continuous traffic monitoring, analysis of patterns and behaviors, and establishment of baseline values.
2. Attack Detection
Identification of significant deviations, classification of attack types, and automatic activation of countermeasures.
3. Mitigation
Mitigation is the most common form of DDoS defense used and involves discarding traffic deemed potentially malicious without further analysis. The routing rules generated to mitigate traffic remain active for 30 minutes to prevent similar attacks in the short term.
4. Protection
Protection involves completely stopping a DDoS attack without affecting legitimate traffic. Many organizations opt for mitigation-only solutions. This decision is based on risk tolerance and business priorities. For those with an extremely low risk tolerance and/or who want to minimize disruptions to their operations, the protection option is the most appropriate.
This process occurs in milliseconds, so users do not notice any difference in speed or browsing experience.
What types of threats does it block?
Clean Pipes is designed to neutralize the most common and harmful types of malicious traffic:
Volumetric DDoS
This type of attack seeks to saturate a network’s bandwidth by sending massive amounts of junk traffic, with the goal of preventing servers and infrastructure from responding to legitimate requests. Clean Pipes neutralizes this type of attack by filtering and cleansing malicious traffic before it reaches the network, ensuring that only clean, legitimate traffic passes through, without interrupting operations.
Neutralizes:
- TCP Flood Attacks
- UDP Flood Attacks
- ICMP Flood Attacks
- UDP Fragmentation
Resource Exhaustion
This attack seeks to consume server resources—such as CPU, memory, or available connections until the server is unable to respond. Clean Pipes detects and filters this anomalous traffic before it reaches the infrastructure, keeping resources available for legitimate connections.
Neutralizes
- IP Fragmentation
- AET Segmentation
- Invalid TCP
- Bad Checksums
- Illegal Flags in TCP/UDP Frames
- Invalid TCP/UDP port numbers
- Use of reserved IP addresses
- Malformed and truncated packets
Reflection DDoS
In this type of attack, the attacker spoofs the victim’s IP address and sends requests to legitimate third-party servers, which unwittingly respond en masse to the target, amplifying the attack’s volume. Clean Pipes identifies and filters out this reflected traffic before it impacts the customer’s network, neutralizing the attack without affecting service availability.
Neutralizes
- NTP Monlist Amplification (NTP Monlist Response Amp.)
- SSDP/UPnP Responses
- Inbound SNMP Responses
- Chargen Responses
- Smurf Attack
- Fraggle DNS Attack
- DNS Amplification
Advanced and Customizable Protection
Clean Pipes goes beyond the most common attacks. The solution includes tunnel inspection, blocking of Command-and-Control operations, and protection against frequently exploited protocols such as Teamspeak, RIPv1, and NetBIOS. In addition, it features programmable rules and intelligent heuristics that allow filters to be customized according to the specific needs of each network, adapting to known and emerging threats without constant manual intervention.
Why is this important for your business?
Digital threats do not discriminate based on company size or industry. Any business connected to the internet is a potential target.
The advantage of Clean Pipes is that its protection operates continuously and proactively, without relying on someone on your team to detect the problem. Threats are neutralized at the source, before they can cause any damage.
This translates to fewer disruptions, a lower risk of data loss, and more stable operations for your company and your customers.
Equipment Deployment
Clean Pipes eliminates the need to deploy equipment at customer sites, offering the following benefits:
- Scalability:
The service quickly adapts to the attack volume, which is crucial during massive DDoS attacks.
- Cloud-based protection:
The cloud infrastructure for processing and mitigating malicious traffic saves time and eliminates the need for specialized on-site personnel.
- Rapid deployment:
The solution can be activated quickly.
Clean Pipes’ Interaction with Other Security Solutions
Clean Pipes is independent and complements the security solutions deployed at customer sites. Its primary function is to protect network availability and ensure service continuity against distributed denial-of-service (DDoS) attacks for the following reasons:
Prevention of Link Congestion
When a DDoS attack directly targets a customer’s site, the malicious traffic has already saturated the Internet link before reaching the firewall. Even if the firewall blocks the packets, the available bandwidth is compromised, leading to:
- Service degradation or interruptions.
- Disruption of legitimate traffic.
- Congestion in Internet access.
Optimization of firewall resources
Firewalls, even next-generation ones, are designed to handle multiple types of threats, but not to process the extreme volume of packets from a DDoS attack (millions per second). This can lead to:
- Exhaustion of critical resources (CPU, memory).
- Unexpected firewall crashes or reboots.
- Single points of failure in the infrastructure.
Scalability and Global Visibility
Modern DDoS attacks are highly variable and can escalate in a matter of minutes. Unlike on-premises solutions, Clean Pipes’ capabilities:
- Scale dynamically based on the attack’s magnitude.
- Provide global visibility into malicious traffic.
- Apply shared intelligence to stop threats before they reach the customer’s network.
Conclusion
Clean Pipes is an essential layer of protection for any business that relies on its internet connection to operate.
Filtering out threats before they reach your network is the most effective way to keep your operations secure, continuous, and running smoothly.
At Flō Networks, we specialize in developing the most appropriate security solutions for your business, backed by a track record and experience built over more than 20 years of providing connectivity solutions and services using security mechanisms tailored to your network.