DDoS Mitigation.
Mitigate at
the source.
Real-time BGP-based DDoS mitigation, coordinated across the world’s largest community of network operators. UTRS 2.0 supports IPv4, IPv6, and FlowSpec announcements through 1,300+ peering operators worldwide. Stop volumetric attacks at their source before they reach your edge.
DDoS mitigation through coordinated BGP blackholing.
Unwanted Traffic Removal Service (UTRS) 2.0 is a community-operated BGP service that lets network operators coordinate DDoS mitigation at the source. When attacks target one member’s infrastructure, all members can null-route the offending traffic at their own network edges. Stronger together.
Remote Triggered Black Holes
UTRS uses globally coordinated RTBH technique.Members announce BGP routes that signal other members to null-route specific traffic at their network edges.
ASN-Required Membership
Exclusively for owners of globally unique Autonomous System Numbers. UTRS operates on the routing layer; participation requires control of a real ASN.
Community-Driven Defense
1,300+ network operators worldwide. You help your neighbor; they help you. Mutual aid as defense doctrine, coordinated through a single BGP peering.
UTRS 2.0 Capabilities
Now supports FlowSpec for granular filtering, IPv6announcements, larger IPv4prefix limits, redundantpeering sessions, and ROA validation.
UTRS 2.0 community peering.

Multihope BGP peering with the UTRS route server lets members announce traffic for community-wide blackholing. Updates flow within seconds. No additional hardware required. Compatible with the BGP infrastructure you already operate. Available over IPv4 and IPv6 transport with redundant route servers.
Why UTRS
Team Cymru has operated UTRS since 2008. Not as a product. Not as a lead-gen funnel. UTRS exists because the operators defending the internet shouldn’t have to fight DDoS attacks alone, and we believe community infrastructure is worth keeping running.
“ Our Promise
If you’re defending a network, we’re defending it with you. That’s the whole point.”
UTRS has no premium tier, no usage caps, no extraction model. It exists because the internet needs it and operators asked us to run it. We’ve never charged for access. We don’t plan to.
Real Team Cymru engineers staff UTRS around the clock. When something goes sideways during an active incident, you can talk to a human who knows the system. No tier-one queue. No support ticket purgatory.
Every capability in UTRS 2.0 came from a community request. FlowSpec, IPv6, ROA validation, redundant peering. The operators are the experts. We listen, we build, we ship. Then we ask what’s next.
We’ve operated UTRS continuously since 2008 and rebuilt it from the ground up for the modern internet. We’ll be operating it next year, and the year after that. Community infrastructure only works if it’s still here tomorrow.
In Practice
Same UTRS, different operator. Here’s the workflow when the alert fires, what UTRS does in the middle, and what the operator walks away with.
ISPs · Service Providers
Customer is under attack. Transit links are saturating.
Pressure
Volumetric attack
UTRS Action
Announce /32 prefix
Outcome
Upstream blackhole
Hosting Providers
One tenant attacked. The whole cluster is suffering.
Pressure
Noisy neighbor
UTRS Action
Isolate at source AS
Outcome
Cluster healthy
NOC · SOC Teams
Cross-provider phone tree at 3 AM. Attack still growing.
Pressure
Manual escalation
UTRS Action
BGP signal fans out
Outcome
Mitigation in seconds
Critical Infrastructure
Scrubber, CDN, AS-path filter, and now what?
Pressure
Defense in depth gap
Nimbus Action
Community layer added
Outcome
Resilient stack
UTRS 2.0 grew from operator requests. FlowSpec, IPv6, ROA validation,redundant peering. Every capability shipped because a community member asked for it. If you need something we don’t currently support, submit a request.
Used Worldwide
From Tier-1 carriers and national CSIRTs to cloud hosting providers and critical infrastructure networks. UTRS members include the operators defending the internet’s most consequential traffic.
TIER-1 ISPS
NATIONAL CSIRTS
CLOUD PROVIDERS
HOSTING NETWORKS
CRITICAL INFRASTRUCTURE
Defense is Layered
DDoS mitigation hardens one layer. If your operational priority is filtering bogon routes, hunting threats, enriching IOCs, or coordinating with the global CSIRT community, the Operational Marketplace has the right tool for the mission.
Bogon Networks
Reference data for unrouted, reserved, and unallocated IPv4 and IPv6 prefixes. Six access formats for filtering at the routing layer.
Nimbus Threat Monitor
Continuous infrastructure telemetry and threat visibility for modern defenders. Pivot from signal to attribution.
MHR API
Programmatic malware hash lookups against an indexed sample corpus. Sub-second response, built for triage workflows.
CSIRT Assistance Program
Operational support for national and sector CSIRTs worldwide. Trust-network coordination and incident response.
GLOBAL DEFENDER EXCHANGE COMMUNITY
Mitigate DDoS attacks together.
Apply today.
A 25-year commitment to network defense, operated by Team Cymru, powered by 1,300+ community operators. BGP peering with UTRS is operator-to-operator. Apply for a peering session and join the world’s largest community DDoS mitigation network.