DDoS Protection with Anti-DDoS Pro
Alibaba Cloud Security Anti-DDoS Pro service is an attack protection service designed by the Alibaba Cloud research and development team.
Anti-DDoS Pro provides DDoS, HTTP flood, and WAF protection services, and is capable to defend against three to seven layers of DDoS attacks such as SYN flood, UDP flood, ACK flood, ICMP flood, DNS query flood, NTP reply flood, HTTP flood attack, and Web application attacks.
When you set up an Anti-DDoS Pro instance to protect your service, Anti-DDoS Smart Defense is enabled by default. You can modify DDoS protection policies based on your needs.
On the Protection Settings page, click Anti-DDoS Protection Policies and then you can see the Scrubbing Mode.
Scrubbing mode provides Smart Defense which bases its decisions on historical traffic data. If this is the first time that you set up an Anti-DDoS Pro instance to protect your service, note that it takes Smart Defense about three days to learn your traffic pattern to provide the best protection. If attacks are launched against your service within these three days, you can mitigate attacks by limiting the number of new connections from specific IP addresses. If Smart Defense fails to meet your needs under the normal mode, you can set the mode to strict to enable the most rigorous protection.
Select an Anti-DDoS Pro instance and click Modify Smart Defense Mode in the Actions column. In the Modify Smart Defense Mode dialog box, select a scrubbing mode. Anti-DDoS Pro supports the following scrubbing modes:
- Low: This mode scrubs traffic that displays common attack patterns. The mode provides moderate protection capabilities and has a low false positive rate.
- Normal: This mode scrubs traffic that displays common and likely attack patterns. The mode maintains an optimal balance between protection and false positives.
- Strict: This mode provides the most rigorous protection against malicious traffic and may cause a certain number of false positives.
For other policies like Blacklist and whitelist, Deactivate black holes and Block traffic, you can go to this document.
Related Blog Posts
Anti-DDoS Basic is a free Distributed Denial of Service (DDoS) protection service that safeguards data and applications.
Anti-DDoS Basic prevents and mitigates DDoS attacks by routing traffic away from your infrastructure. This service guarantees availability and performance of your properties on Alibaba Cloud. It also provides enhanced visibility and control over your security. As a global service from Alibaba Cloud Security, Anti-DDoS Basic functions with 5Gbps capacity of DDoS mitigation against common DDoS attacks.
For users who have business servers deployed outside the mainland China, Alibaba Cloud provides the Anti-DDoS Premium service to mitigate DDoS attacks.
In this article, you will get some information on the ddos mitigation services with Anti-DDoS Premium on Alibaba Cloud.
Anti-DDoS Pro supports protection against layer 4 DDoS attacks and provides multiple protection settings to safeguard the security of your business.
Anti-DDoS Pro provides protection against DDoS attacks based on IPs and ports when no domain names are provided. You can set limits on parameters such as the request rate, and packet length to mitigate DDoS attacks.
After a port forwarding rule is added, you can configure the following protection policies based on your needs: session persistence, health check, and anti-DDoS protection.
You can configure protection policies based on different business scenarios. For example,
- You can configure a session persistence policy based on IP address to forward requests from the same IP address to the same origin server.
- You can configure a health check policy to check the availability of the origin server. The purpose of a health check is to ensure that requests from the client are not forwarded to servers where exceptions have occurred.
- Anti-DDoS protection policies are based on IPs and ports. To mitigate DDoS attacks, you can configure policies to set limits on parameters, such as the request rate or packet length.
Anti-DDoS Pro is a value-added service used to protect servers, including external servers hosted in Mainland China, against volumetric DDoS attacks. You can redirect attack traffic to Anti-DDoS Pro to ensure the stability and availability of origin sites.
Anti-DDoS Pro supports a peak protection bandwidth of 20Gbps ~ 600Gbps on servers inside and outside Alibaba Cloud. To make it more cost-effective, you are offered various flexible payment plans. Wherein, the fees are incurred according to the daily attack volumes.
Alibaba Cloud Anti-DDoS Basic is a cloud-based security service that integrates with Alibaba Cloud ECS instances to safeguard your data and applications from DDoS attacks, and provides increased visibility and control over your security measures.
As an Alibaba Cloud global service, Anti-DDoS Basic enables you to meet stringent security requirements for your cloud hosting architecture without any investment. This service is available to all Alibaba Cloud users free of charge.
Built using Intel® Xeon® E5–2600 v3 processor family, Alibaba Cloud Anti-DDoS Basic delivers record-breaking performance that gives you the power and capacity to fuel your best business ideas and handle data-demanding and transaction-intensive applications.
The network is the only entry point for all cloud services. Network attacks, especially denial of service attacks, are the most diverse and harmful, and one of the most difficult to protect against network risks. This course is designed to help students understand the principles of DoS attacks in a minimum amount of time and learn common protection methods and Alibaba Cloud Anti-DDoS protection solutions to minimize or reduce the risk of network layer attacks, protect your cloud network security.