This topic introduces the basic concepts of Anti-DDoS Origin.
DDoS attack
Distributed denial of service (DDoS) attacks include volumetric attacks and application-layer attacks.
Volumetric attacks target the network bandwidth of your service. In most cases, attackers manipulate multiple computers or attack simulators to send a large number of requests or data packets to the target server. This exhausts network bandwidth and causes your service to become unavailable.
Application-layer attacks target servers. During application-layer attacks, the memory of the servers is exhausted by malicious requests or the CPUs of the servers are exhausted by kernels and application programs. As a result, the servers cannot respond to normal requests.
Traffic scrubbing
If you want to perform traffic scrubbing, you can use an anti-DDoS device or service to analyze and filter traffic. The anti-DDoS device or service can distinguish service traffic from attack traffic and return only service traffic to your server. This reduces the pressure and risks on the server.
Blackhole filtering
If DDoS attacks exceed the mitigation capability that is provided for a service, blackhole filtering is triggered. Blackhole filtering is used to discard all inbound traffic that is destined for the service. This helps protect other services that are deployed in the same network as the attacked service. For more information, see Blackhole filtering policy of Alibaba Cloud.
Best-effort protection
Best-effort protection leverages the network capabilities and resources of the local anti-DDoS scrubbing center to mitigate DDoS attacks. As Alibaba Cloud network capacity grows, the effectiveness of best-effort protection also increases. This upgrade comes at no additional cost.
Mitigation sessions
The system logs attack traffic every 5 seconds, resulting in 12 logs per minute. When attack traffic surpasses N Gbit/s, the system calculates the attack duration by summing the values of X and Y, as depicted below. When the total duration exceeds 15 minutes, or 180 logs, a session of best-effort protection is formed.
The red curve in the figure represents the inbound bandwidth of an asset with a public IP address.
For assets within the Chinese mainland, N is set at 20 Gbit/s.
For assets outside the Chinese mainland, N is set at 10 Gbit/s.
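The session accounting described above, as an added example (not Alibaba Cloud's code): it takes inbound-bandwidth values, one per 5-second log, finds each period above N (the X and Y of the description) and sums them. It assumes the list passed in is the whole accounting window, which this topic does not define, and reads "surpasses" and "exceeds" as strictly greater than; the function name, region keys and sample trace are constructed.

```python
LOG_INTERVAL_S = 5      # one log every 5 seconds, 12 logs per minute
SESSION_LOGS = 180      # 15 minutes expressed in logs
# N in Gbit/s, from this topic; the dictionary keys are hypothetical labels.
THRESHOLD_GBPS = {"chinese_mainland": 20, "outside_chinese_mainland": 10}


def evaluate(samples_gbps, region):
    """Sum the time spent above N and report whether a session is formed.

    samples_gbps: inbound bandwidth in Gbit/s, one value per 5-second log.
    Assumption: the list covers exactly the accounting window.
    """
    n = THRESHOLD_GBPS[region]
    bursts = []          # (index of first log, number of logs) per period above N
    start = None
    for i, value in enumerate(samples_gbps):
        if value > n and start is None:
            start = i                        # a period above N begins
        elif value <= n and start is not None:
            bursts.append((start, i - start))  # the period ends
            start = None
    if start is not None:                    # trace ended while still above N
        bursts.append((start, len(samples_gbps) - start))

    logs_over = sum(count for _, count in bursts)
    return {
        "bursts": bursts,
        "logs_over": logs_over,
        "seconds_over": logs_over * LOG_INTERVAL_S,
        "session_formed": logs_over > SESSION_LOGS,
    }


# Constructed trace: two periods above 20 Gbit/s (X = 100 logs, Y = 90 logs)
# separated by 10 minutes at 15 Gbit/s.
TRACE = [2] * 60 + [25] * 100 + [15] * 120 + [30] * 90 + [1] * 30

if __name__ == "__main__":
    for region in THRESHOLD_GBPS:
        print(region, evaluate(TRACE, region))
```

With this trace, the 15 Gbit/s interval splits the attack into two periods for an asset within the Chinese mainland but counts as attack time for an asset outside it, so the same traffic accumulates duration faster under the lower N.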