Protection Level and Cleansing Threshold

Last updated: 2021-01-06 18:31:20

    This document introduces the use cases of different protection levels and the actions Anti-DDoS Advanced takes to defend against DDoS attacks. You can follow this guide to set the DDoS protection levels in the console.

    Use Cases

    Anti-DDoS Advanced provides three available protection levels for you to adjust protection policies against different DDoS attacks. The details are as follows:

    Protection Level: Loose
    Protection Action:
      • Filters SYN and ACK data packets with explicit attack attributes.
      • Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specifications.
      • Filters UDP data packets with explicit attack attributes.
    Description:
      • This cleansing policy is loose and only defends against explicit attack packets.
      • We recommend choosing this protection level when normal requests are blocked. Complex attack packets may pass through the security system.

    Protection Level: Medium
    Protection Action:
      • Filters SYN and ACK data packets with explicit attack attributes.
      • Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specifications.
      • Filters UDP data packets with explicit attack attributes.
      • Filters common UDP-based attack packets.
      • Actively verifies the source IPs of some access attempts.
    Description:
      • This cleansing policy is suitable for most businesses and capable of defending against common attacks.
      • The level Medium is chosen by default.

    Protection Level: Strict
    Protection Action:
      • Filters SYN and ACK data packets with explicit attack attributes.
      • Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specifications.
      • Filters UDP data packets with explicit attack attributes.
      • Filters common UDP-based attack packets.
      • Actively verifies the source IPs of some access attempts.
      • Filters ICMP attack packets.
      • Filters common UDP attack data packets.
      • Strictly checks UDP data packets.
    Description:
      • This cleansing policy is strict. We recommend choosing this level when attack packets pass through the security system on Normal mode.

    Note:

    • If your business uses UDP, contact sales to customize a policy so that the Strict level does not affect normal business traffic.
    • The level Medium is chosen by default in each Anti-DDoS Advanced instance, and you can adjust the protection level as needed. You can also set the cleansing threshold so that traffic exceeding the set value is automatically cleansed.

    Prerequisites

    You have successfully purchased an Anti-DDoS Advanced instance and set the protected target.

    Directions

    1. Log in to the DDoS console and click Anti-DDoS Advanced (New) -> Configurations on the left sidebar.
    2. Select an Anti-DDoS Advanced ID or port from the left list, e.g., 212.64.xx.xx bgpip-000002jt or 119.28.xx.xx bgpip-000002ju -> tcp:8000.
    3. Choose a protection level and set the cleansing threshold in the DDoS Protection Level section.

    Configuration Parameters
    - Protection Level
      - For each Anti-DDoS Advanced instance with protection enabled, the level Medium is chosen by default, and you can adjust the protection level as needed.
    - Cleansing Threshold
      - This is the traffic threshold that triggers cleansing. If the traffic is below the threshold, no cleansing action is taken even if attacks are detected.
      - For each Anti-DDoS Advanced instance with protection enabled, the cleansing threshold has a default value, and you can set the cleansing threshold as needed. The system learns the change patterns of business traffic to generate a baseline.

    Note:

    If you know what threshold your business needs, set it accordingly. Otherwise, leave it at the default value. Anti-DDoS will automatically learn through AI algorithms and generate the default threshold for you.
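
    The threshold trade-off described under Configuration Parameters, as an added example that is not Tencent Cloud code: it replays constructed traffic against three thresholds and counts which minutes are cleansed and which attacks stay below the threshold. The percentile-plus-headroom heuristic, all names, and all sample values are assumptions for illustration, not how Anti-DDoS Advanced learns its baseline.

```python
# Added illustration, not Tencent Cloud code. All names and sample values are constructed.
from collections import Counter

# Constructed per-minute inbound traffic (Mbps) from a normal business day.
BASELINE_MBPS = [40, 42, 38, 45, 50, 47, 44, 41, 39, 43,
                 46, 48, 52, 49, 44, 42, 40, 41, 90, 45]

# Constructed replay: (inbound Mbps, whether an attack was detected in that minute).
TIMELINE = [(45, False), (90, False), (60, True), (300, True),
            (44, False), (70, True), (500, True)]

def percentile(samples, pct):
    """Nearest-rank percentile, using integer arithmetic to avoid float rounding."""
    ordered = sorted(samples)
    rank = max(1, (pct * len(ordered) + 99) // 100)  # ceil(pct * n / 100)
    return ordered[rank - 1]

def suggest_threshold(baseline, pct=95, headroom=1.5):
    """Assumed heuristic: typical peak (pct-th percentile) times a headroom factor."""
    return percentile(baseline, pct) * headroom

def classify(mbps, attack_detected, threshold):
    """Rule from the page: traffic above the threshold is cleansed; below it,
    no cleansing happens even if an attack is detected."""
    if mbps > threshold:
        return "attack_cleansed" if attack_detected else "legit_peak_cleansed"
    return "attack_not_cleansed" if attack_detected else "passed"

def evaluate(timeline, threshold):
    """Count the outcome of every minute in the replay for one threshold."""
    return dict(Counter(classify(m, a, threshold) for m, a in timeline))

if __name__ == "__main__":
    candidates = [("low", 55), ("suggested", suggest_threshold(BASELINE_MBPS)), ("high", 200)]
    for label, thr in candidates:
        print(f"{label:>9} threshold {thr:6.1f} Mbps -> {evaluate(TIMELINE, thr)}")
```

    A lower threshold leaves fewer detected attacks uncleansed but sends more legitimate peaks through cleansing; a higher one does the reverse.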