×
Community Blog Guard Your Sites with Layer-4 Cleaning Mode on Anti-DDoS Pro

Guard Your Sites with Layer-4 Cleaning Mode on Anti-DDoS Pro

In this article, you will get some information on how to use the Layer-4 cleaning mode to guard your sites from flood ddos attacks.

Anti-DDoS Pro provides four layer-4 cleaning modes against the IP-level flow cleaning policies for your choice.

1. Low: This mode uses loose cleaning policies with a relatively large threshold of the speed limit.

1) Filters packages with defining DDoS characteristics, such as UDP reflection attack packages and attack packages that do not meet TCP characteristics.
2) Filters defining SYN flood and ACK flood attacks.
3) Applies easing restrictions on access IPs and destination IPs, mostly on the speed limit side.

2. Medium: The default Medium mode uses normal cleaning policies.

1) Filters packages with defining DDoS characteristics, such as UDP reflection attack packages and attack packages that do not meet TCP characteristics.
2) Filters defining SYN flood and ACK flood attacks.
3) Applies restrictions on access IPs and destination IPs in a certain scope, mostly on the speed limit side.
4) Under circumstances, enables the reverse detection algorithm for the package filtering in a certain scope.

3. Emergency: This mode uses relative strict cleaning policies. It enables connection detection for each IP to block IPs that have too many connections.

1) Filters packages with defining DDoS characteristics, such as UDP reflection attack packages and attack packages that do not meet TCP characteristics.
2) Filters defining SYN flood and ACK flood attacks.
3) Discards UDP packages.
4) Applies restrictions on access IPs and destination IPs in a certain scope. Speed limits, malicious IP blocking, and connection limits are enabled.

4. High: This mode uses strict cleaning policies. It enables the origin authentication algorithm for package filtering under certain conditions.

1) Filters packages with defining DDoS characteristics, such as UDP reflection attack packages and attack packages that do not meet TCP characteristics.
2) Filters defining SYN flood and ACK flood attacks.
3) Discards UDP packages.
4) Applies restrictions on access IPs and destination IPs in a certain scope. Speed limits, malicious IP blocking, and connection limits are enabled.
5) Enables the reverse detection algorithm for the package filtering in a certain scope.

By default, your Anti-DDoS Pro instance uses the Medium cleaning mode. You can change the 4-layer cleaning mode as you needed.

Related Blog Posts

How to Protect Your Origin Sites with Anti-DDoS Pro

In this article, you will get some information on the methods and principles for different scenarios to protect your origin sites under Anti-DDoS Pro.

The origin sites protection can prevent your origin against light-traffic HTTP flood and Web attacks, but cannot defend against heavy traffic DDoS attacks. In addition, it does not prevent DDoS attacks directly targeting the origin through traffic that bypasses Anti-DDoS Pro, which may even throw the origin IP address into the black hole.

DDoS Attacks Analysis and Prevention

In this article, you will get some information on some ddos attacks analysis and how to protect your server from ddos attacks.

  1. the best practices for provisioning your Ubuntu 16.04 server hosted on an Alibaba Cloud Elastic Compute Service (ECS) instance
  2. the importance of IoT device security by looking at CERT's interpretation of the infamous 2016 DDoS attack
  3. the analysis of scanning and intrusion script for DockerKiller Threat

Related Documentation

Protect origin sites that use Anti-DDoS Pro

This topic describes methods and principles for different scenarios to protect your origin sites under Anti-DDoS Pro.

Origin sites protection is not necessary for layer-4 forwarding. Because the attackers can always bypass Anti-DDoS Pro and directly attack the origin, which may bring congestion or trigger the back hole. Origin protection does not work in this case.

Layer-4 cleaning mode

Anti-DDoS Pro provides four layer-4 cleaning modes against the IP-level flow cleaning policies for your choice.

Note currently, cleaning mode change only supports CT/CU and International lines. Generally, new cleaning policies take effect several minutes after you change the cleaning mode.

Related Products

Anti-DDoS Pro

Anti-DDoS Pro is a value-added service used to protect servers, including external servers hosted in Mainland China, against volumetric DDoS attacks. You can redirect attack traffic to Anti-DDoS Pro to ensure the stability and availability of origin sites.

Anti-DDoS Premium

Alibaba Cloud Anti-DDoS Premium is a value-added DDoS protection service. This service is used to protect servers against volumetric DDoS attacks and ensure the availability of business. By modifiying DNS records to redirect malicious traffic through Anti-DDoS Premium’s dedicated IP address, Anti-DDoS Premium, protects your online presence.

0 0 0
Share on

Alibaba Clouder

2,599 posts | 764 followers

You may also like

Comments