Protection Level and Cleansing Threshold

Last updated: 2021-01-06 18:32:10

    This document introduces the use cases of different protection levels and the actions Anti-DDoS Pro takes to defend against DDoS attacks. You can follow this guide to set the DDoS protection levels in the console.

    Use Cases

    Anti-DDoS Pro provides three available protection levels for you to adjust protection policies against different DDoS attacks. The details are as follows:

    Protection Level Protection Action Description
    Loose
    • Filters SYN and ACK data packets with explicit attack attributes.
    • Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specifications.
    • Filters UDP data packets with explicit attack attributes.
  • This cleansing policy is loose and only defends against explicit attack packets.
  • We recommend choosing this protection level when normal requests are blocked. Complex attack packets may pass through the security system.
  • Medium
    • Filters SYN and ACK data packets with explicit attack attributes.
    • Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specifications.
    • Filters UDP data packets with explicit attack attributes.
    • Filters common UDP-based attack packets.
    • Actively verifies the source IPs of some access attempts.
  • This cleansing policy is suitable for most businesses and capable of defending against common attacks.
  • The level Medium is chosen by default.
  • Strict
    • Filters SYN and ACK data packets with explicit attack attributes.
    • Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specifications.
    • Filters UDP data packets with explicit attack attributes.
    • Filters common UDP-based attack packets.
    • Actively verifies the source IPs of some access attempts.
    • Filters ICMP attack packets.
    • Filters common UDP attack data packets.
    • Strictly checks UDP data packets.
    This cleansing policy is strict. We recommend choosing this level when attack packets pass through the security system on Normal mode.

    Note:

    • If you need to use UDP in your business, please contact sales to customize an ideal policy for not letting the level Strict affect normal business process.
    • The level Medium is chosen by default in each Anti-DDoS Pro instance.

    Prerequisites

    You have successfully purchased an Anti-DDoS Pro instance and set the protected target.

    Directions

    1. Log in to the DDoS console and click Anti-DDoS Pro (New) -> Configurations on the left sidebar.
    2. Select an Anti-DDoS Pro ID from the left list, e.g., bgp-000000iu, and then open the IP and Port Protection tab.
    3. Choose a protection level in the DDoS Protection Level section.

    Was this page helpful?

    Was this page helpful?

    • Not at all
    • Not very helpful
    • Somewhat helpful
    • Very helpful
    • Extremely helpful
    Send Feedback
    Help