A. Each dedicated server includes is limited to the data center inbound bandwidth capacity for DDoS Protection as part of the standard package. We do not advertise this limit as it's constantly increasing. 

 

A. If an attack exceeds the protection size, the IP being attacked will automatically be null routed for a period of 24 hours. 

 

A. The random incoming spikes you are seeing are most likely related to packets that were not filtered from attacks. Due to the nature and ongoing evolution of attacks, there isn't a single ruleset that will filter all malicious traffic. Stricter rulesets usually end up filtering legitimate traffic. Some traffic may make it through, but typically never enough to flood the port. 

 

A. Most local firewalls and IPTables, if configured correctly, will only allow legitimate traffic specific to the application that you are running. Reference the specific documentation to the firewall for additional configuration details. You may also consider installing Snort for a more advanced filtering service if firewall/IP table rules will not be sufficient.