1&1 is present across the world in many large traffic exchange points, and accepts locally-targeted traffic from other providers. This traffic is then forwarded to the 1&1 data centers via 1&1 WAN connections. Our powerful spoofing filters instantly detect whether or not any fake packets are present; for example, traffic that purports to originate from Google but does not arrive via Google Peering. This is how 1&1 is able to filter and prevent a DDoS attack before the traffic is even forwarded to the data center. Since many DDoS attacks do not come from global sources, instead originating locally, they can be selectively filtered and intercepted with Firewalls.