Warding off DDoS Attacks with Anti-DDoS — Part 3: Alibaba Cloud Anti-DDoS
By Shantanu Kaushik
Struggling with DDoS Attacks? Get Free Support Now! Contact Us >>
In the previous articles of this series on Anti-DDoS protection, we discussed DDoS attacks and how they can are fatal to businesses. In this article, we will showcase Alibaba Cloud Anti-DDoS solutions and compare them and their usage scenarios.
With a combination of highly effective DDoS mitigation algorithms and practices, Alibaba Cloud created an Anti-DDoS solution for Mainland China and worldwide audiences. The Alibaba Cloud Anti-DDoS service is based on its global scrubbing centers.
Let’s take a look at each solution, starting with the shared core features:
- Alibaba Cloud Anti-DDoS incorporates a smart AI-based detection system. This system is based on valuable data from Big Data and Alibaba Cloud’s machine learning platform for AI. This intelligent system presents a highly cost-effective solution by dynamically adjusting the Anti-DDoS measures based on the circumstances of the attack.
- The Alibaba Cloud Anti-DDoS solution enables the Global DDoS protection network to counteract volumetric DDoS attacks. The global scrubbing centers implement this solution and provide over 10 Tbits/s of mitigation capacity.
Alibaba Cloud Anti-DDoS Basic is a free variant of the DDoS protection service. It enables security for your data and applications by mitigating and preventing DDoS attacks on your network and infrastructure. Anti-DDoS Basic integrates with Alibaba Cloud Elastic Compute Service (ECS) instances and provides viable protection against DDoS attacks.
Some of the features of Anti-DDoS Basic include:
- Short Black-Hole Duration
Alibaba Cloud Anti-DDoS Basic helps you resume services faster after recovering from a denial of service attack.
- Remarkable Protection
Alibaba Cloud Anti-DDoS defends against TCP, ICMP, UDP, SYN, and ACK flood attacks.
- Security Credibility
Anti-DDoS Basic improves your security credibility score as an add-on service on top of Alibaba Cloud Security services. It significantly improves the credibility score by leveraging this scalable DDoS mitigation system.
Anti-DDoS Premium works with a routing mechanism that directs all incoming traffic to a dedicated IP address. It utilizes traffic scrubbing based on a highly sophisticated distributed mechanism to scrub out any malicious traffic and direct the usual traffic to the servers.
Let’s take a look at how this works on the chart below:
Alibaba Cloud Anti-DDoS Premium protects your business and infrastructure from malformed packet attacks, web application denial of service attacks, and transport-layer DDoS attacks. Anti-DDoS Premium protects against HTTP GET & Post, SYN, ACK, UDP, ICMP, and RST flood attacks.
- Alibaba Cloud Anti-DDoS Premium offers unlimited protection. It is based on global near-source scrubbing that facilitates continuous protection of resources and service continuity. Anycast mode allows the Anti-DDoS service to direct traffic to the nearest scrubbing center to enable backup and disaster recovery scenarios among multiple data centers.
- Anti-DDoS premium uses a dedicated anycast IP address to isolate other organizations sharing a network resource with detailed security reports and a dedicated IP resource. It automatically isolates the business and starts the scrubbing process.
Usage Scenarios | Anti-DDoS Premium
You should implement Anti-DDoS Premium when:
- Your business is susceptible to attacks from business competitors
- You get massive ransomware-based attacks
- Your applications get multiple spam registrations and malicious requests
- You have to work with livestreaming services
- You have to work with e-commerce portals of financial services
- You are catering to a high-demand government portal
Alibaba Cloud Anti-DDoS Origin provides denial of service protection against volumetric attacks. It does so without using an anycast IP address and with the IP address of your server based on the Alibaba Cloud-Native Anti-DDoS network. It supports the deployment of IPv6-based denial of service protection out of the box.
- Anti-DDoS Origin supports mitigation-based BGP (Border Gateway Protocol.) This enables extensive protection to Alibaba Cloud’s Bring Your Own IP Addresses (BYOIP) resources and any other data centers outside of the Alibaba Cloud network.
- Anti-DDoS Origin supports the mitigation of DDoS attacks without architectural changes to your basic cloud services. You can easily set up the origin service and enable protection for all Alibaba Cloud products.
- Anti-DDoS Origin extends its protection to other Alibaba Cloud services, such as Elastic Compute Service (ECS), Server Load Balancer (SLB), Web Application Firewall (WAF), and Elastic IP (EIP).
Let’s take a look at the chart below to understand how Alibaba Cloud Anti-DDoS Origin protection works:
The protection of resources, such as ECS, SLB, and more from volumetric attacks on Layer 3 and 4, is the art and science of Anti-DDoS Origin. Traffic scrubbing for DDoS attack mitigation is initiated automatically when the default traffic scrubbing threshold limit (as pre-defined in the Anti-DDoS Origin) is reached.
Usage Scenarios | Anti-DDoS Origin
You should implement Alibaba Cloud Anti-DDoS Origin in scenarios where:
- Your service requires high-bandwidth queries per second (QPS)
- You have a large number of public IP addresses
- Resources and applications are deployed on Alibaba Cloud
- You have a large-scale service network that requires a standard network to operate
- You have IPv6-enabled inbound traffic requests
Let’s take a look at the architecture associated with GameShield:
Alibaba Cloud GameShield is an SDK-driven service that is integrated to leverage the high-elasticity associated with the Alibaba Cloud Security SDK. It prevents DDoS attacks on mobile applications in the gaming industry. It mitigates HTTP flood attacks and repels denial of service attacks on mobile devices.
Alibaba Cloud GameShield defends against Tbit/s DDoS attacks and attacks specific to the gaming industry. GameShield improvises on the traditional single point DDoS protection and introduces innovative risk management with hybrid methods and algorithms to mitigate large-scale DDoS attacks and connection flooding.
GameShield protects by utilizing these algorithms for quick-splitting of normal traffic and hacking. GameShield can detect minor attempts to mimic normal user behavior and block it with end-to-end encryption. GameShield improvises by preventing attackers from locking on to an IP address. It implements smart scheduling and identification by allowing genuine users to hide, leaving attackers exposed.
We will discuss GameShield more in the next article of this series.
A denial of service can hurt business continuity and your business’ reputation. Alibaba Cloud Anti-DDoS solutions cover any protection an individual, small, medium, or large enterprise could need. Alibaba Cloud Anti-DDoS offers different free and paid solutions to help customers on multiple levels.
- Warding off DDoS Attacks with Anti-DDoS — Part 4: Global DDoS Collaborative Protection and GameShield