Anti-DDoS:What is Anti-DDoS Basic?

Anti-DDoS Basic provides free protection for certain Alibaba Cloud assets to mitigate network-layer and transport-layer DDoS attacks.

Anti-DDoS Basic is integrated into the mitigated assets and enabled by default with mitigation thresholds ranging from 500 Mbit/s to 5 Gbit/s. This feature cannot be disabled. For details on the mitigation thresholds for each asset, see View the thresholds that trigger blackhole filtering in Anti-DDoS Basic.

Normally, Anti-DDoS Basic does not disrupt access for users. However, certain attacks, such as HTTP Flood, SYN Flood, and ACK Flood attacks, attack techniques, such as snipe and sweep, as well as specific user scenarios that exceed Alibaba Cloud or product specification, may affect access. If Anti-DDoS Basic does not meet your needs, consider upgrading to more advanced protection services such as Anti-DDoS Origin or Anti-DDoS Proxy. For more information, see Scenario-specific anti-DDoS solutions.

• Set thresholds for traffic scrubbing: Anti-DDoS Basic sets scrubbing thresholds by default. To manually configure these thresholds, see Configure traffic scrubbing thresholds. The traffic scrubbing thresholds for assets are contingent on the specifications of the instances. For more information, see Cloud service specifications and scrubbing thresholds.

• Trigger traffic scrubbing: When the following two conditions are met, traffic scrubbing starts:

  • Incoming traffic exhibits unusual patterns.

  • The bits per second (BPS) and packets per second (PPS) of incoming traffic surpasses the predefined scrubbing threshold.

• Traffic scrubbing: Anti-DDoS Basic filters and scrubs all the incoming traffic to block network-layer and transport-layer attacks such as UDP reflection attacks and SYN-ACK flood attacks. Anti-DDoS Basic cannot mitigate application-layer attacks such as HTTP Flood attacks and CC attacks.

  • Network-layer attack: These attacks include UDP reflection attacks, SYN-ACK flood attacks, and malformed packet attacks that violate IP protocols. These attacks aim at consuming server bandwidth, resulting in service disruption.

  • Transport-layer attack: These attacks include TCP SYN flood attacks and connection exhaustion attacks. These attacks aim at disrupting connections and sessions, overwhelming the server capacity to handle legitimate traffic. 

  • Application-layer attack: These attacks include HTTP Flood attacks, CC attacks, and DNS Flood attacks. They are designed to exploit business-specific vulnerabilities, overwhelming server processing capacity and resulting in denial of service.

• Blackhole filtering: When inbound traffic surpasses the protection capacity (referred to as the blackhole triggering threshold), blackhole filtering is activated to mitigate potential damage from DDoS attacks. This measure protects assets and ensures that the operation of other assets is not impacted by a single cloud service under attack. During this process, Alibaba Cloud temporarily blocks incoming Internet traffic to the affected cloud service. For more information, see Blackhole filtering policy of Alibaba Cloud.