Anti-DDoS Pro provides four layer-4 cleaning modes against the IP-level flow cleaning policies for your choice.
1. Low: This mode uses loose cleaning policies with a relatively large threshold of the speed limit.
1) Filters packages with defining DDoS characteristics, such as UDP reflection attack packages and attack packages that do not meet TCP characteristics.
2) Filters defining SYN flood and ACK flood attacks.
3) Applies easing restrictions on access IPs and destination IPs, mostly on the speed limit side.
2. Medium: The default Medium mode uses normal cleaning policies.
1) Filters packages with defining DDoS characteristics, such as UDP reflection attack packages and attack packages that do not meet TCP characteristics.
2) Filters defining SYN flood and ACK flood attacks.
3) Applies restrictions on access IPs and destination IPs in a certain scope, mostly on the speed limit side.
4) Under circumstances, enables the reverse detection algorithm for the package filtering in a certain scope.
3. Emergency: This mode uses relative strict cleaning policies. It enables connection detection for each IP to block IPs that have too many connections.
1) Filters packages with defining DDoS characteristics, such as UDP reflection attack packages and attack packages that do not meet TCP characteristics.
2) Filters defining SYN flood and ACK flood attacks.
3) Discards UDP packages.
4) Applies restrictions on access IPs and destination IPs in a certain scope. Speed limits, malicious IP blocking, and connection limits are enabled.
4. High: This mode uses strict cleaning policies. It enables the origin authentication algorithm for package filtering under certain conditions.
1) Filters packages with defining DDoS characteristics, such as UDP reflection attack packages and attack packages that do not meet TCP characteristics.
2) Filters defining SYN flood and ACK flood attacks.
3) Discards UDP packages.
4) Applies restrictions on access IPs and destination IPs in a certain scope. Speed limits, malicious IP blocking, and connection limits are enabled.
5) Enables the reverse detection algorithm for the package filtering in a certain scope.
By default, your Anti-DDoS Pro instance uses the Medium cleaning mode. You can change the 4-layer cleaning mode as you needed.
In this article, you will get some information on the methods and principles for different scenarios to protect your origin sites under Anti-DDoS Pro.
The origin sites protection can prevent your origin against light-traffic HTTP flood and Web attacks, but cannot defend against heavy traffic DDoS attacks. In addition, it does not prevent DDoS attacks directly targeting the origin through traffic that bypasses Anti-DDoS Pro, which may even throw the origin IP address into the black hole.
In this article, you will get some information on some ddos attacks analysis and how to protect your server from ddos attacks.
This topic describes methods and principles for different scenarios to protect your origin sites under Anti-DDoS Pro.
Origin sites protection is not necessary for layer-4 forwarding. Because the attackers can always bypass Anti-DDoS Pro and directly attack the origin, which may bring congestion or trigger the back hole. Origin protection does not work in this case.
Anti-DDoS Pro provides four layer-4 cleaning modes against the IP-level flow cleaning policies for your choice.
Note currently, cleaning mode change only supports CT/CU and International lines. Generally, new cleaning policies take effect several minutes after you change the cleaning mode.
Anti-DDoS Pro is a value-added service used to protect servers, including external servers hosted in Mainland China, against volumetric DDoS attacks. You can redirect attack traffic to Anti-DDoS Pro to ensure the stability and availability of origin sites.
Alibaba Cloud Anti-DDoS Premium is a value-added DDoS protection service. This service is used to protect servers against volumetric DDoS attacks and ensure the availability of business. By modifiying DNS records to redirect malicious traffic through Anti-DDoS Premium’s dedicated IP address, Anti-DDoS Premium, protects your online presence.
2,599 posts | 762 followers
FollowAlibaba Clouder - June 13, 2019
Dikky Ryan Pratama - June 13, 2023
Alibaba Clouder - June 18, 2019
Alibaba Cloud New Products - June 10, 2020
Alibaba Clouder - March 22, 2021
Alibaba Clouder - June 27, 2019
2,599 posts | 762 followers
Follow
Anti-DDoS
A comprehensive DDoS protection for enterprise to intelligently defend sophisticated DDoS attacks, reduce business loss risks, and mitigate potential security threats.
Learn MoreMore Posts by Alibaba Clouder
