A method of providing infrastructure protection for a server of a network organization, the method including announcing an IP address range associated with the network organization using a border gateway protocol on an edge router of a scrubbing center associated with the network organization. The method further including receiving an incoming network packet intended for a server of the network organization identified using a public IP address within the IP address range, the public IP address serving as a first anycast address for a plurality of scrubbing centers in a distributed network of scrubbing servers, the plurality of scrubbing centers including the scrubbing center. The method further including determining, by the scrubbing center, whether the incoming network packet is legitimate. The method further including, responsive to determining that the incoming network packet is legitimate, routing, by a processor, the incoming network packet to the server at a private IP address.