Help Center> Anti-DDoS> Glossary> Glossary> Glossary

A

    • A
      ACK flood

      See ACK flood attack

      ACK flood attack

      In an ACK flood attack, the attacker sends a large number of ACK packets to the target server through a botnet. As a result, the packets cause link congestion with an excessive load, or requests with changing source addresses or destination ports sent at extremely high rates cause an abnormality in the forwarding device and then lead to network breakdown, or processing capability of the target server is exhausted and the server fails to provide services normally.

      Anti-DDoS

      See Anti-distributed denial of service

      Anti-distributed denial of service

      Anti-distributed denial of service (anti-DDoS) refers to protection against DDoS attacks.

    B

      • B
        black hole

        A black hole is a status where a server detects zero access traffic from the Internet because Internet access to the server has been blocked.

        black hole duration

        Black hole duration is computed with a weighting algorithm based on a user's tier and the peak attack traffic and number of black holes of the last week. Longer black hole duration means longer business interruption. Advanced Anti-DDoS is recommended for users that are frequently attacked.

        black hole threshold

        A black hole threshold is computed with a weighting algorithm based on a user's tier and the peak attack traffic and number of black holes of the last week. A higher threshold gives the user a bigger free protection bandwidth. On the contrary, if a user is frequently attacked and black holes are frequently triggered for the user, the black hole threshold will be low and the free protection bandwidth the user gets from Anti-DDoS will be small. In a black hole, a user's business becomes unaccessible. Advanced Anti-DDoS is recommended for users that are frequently attacked.

      C

        • C
          CC attack

          See challenge collapsar attack

          challenge collapsar attack

          A Challenge Collapsar (CC) attack is targeted at web servers or application programs by means of standard GET or POST requests used for obtaining information. If the requests involve Universal Resource Identifiers (URIs) of database operations or URIs consuming other system resources, server resources are exhausted and the target servers will be unable to respond normally.

        D

          • D
            DDoS attack

            See distributed denial of service attack

            distributed denial of service attack

            A denial-of-service (DoS) attack (a flood attack) is an attempt to use up the network or system resources of a computer to temporarily interrupt or stop services on the computer, thereby causing users unable to access the services normally. A DDoS attack is one in which two or more compromised computers are used to attack a single target, thereby causing denial of service for users of the targeted computer.

          S

            • S
              security reputation score

              A black hole threshold and duration are computed with a weighting algorithm based on a user's tier and the peak attack traffic and number of black holes of the last week. Then, the threshold and duration are used to further compute a security reputation score of the user with a weighting algorithm.

              slow HTTP attack

              In a slow HTTP attack, after managing to establish a connection with an HTTP server, the attacker specifies a large content-length and sends packets at very low rates, such as one byte per one to 10 seconds, and maintains the connection. If the client builds more such connections, available connections on the server will be exhausted bit by bit, causing the server unable to provide services.

              SYN flood

              See SYN flood attack

              SYN flood attack

              In a SYN flood attack, the malicious client (the attacker) uses forged SYN packets (the source addresses of which are fake or non-existent) to send connection requests to the target server. The target server acknowledges those requests by returning SYN-ACK. However, the client does not respond to the server with an expected ACK packet. As a result, the target server has a large number of half-open connections that last until timeout. Those connections exhaust server resources, causing the target server to fail to create normal TCP connections, as expected by the attacker.

            T

              • T
                TCP attack

                In Transmission Control Protocol (TCP) attacks, attackers send forged TCP packets to target servers, with abnormal flag settings intended to make the servers unresponsive to normal user requests.

                traffic cleaning

                Traffic cleaning is a network security service used to precisely identify and discard abnormal traffic on a network to ensure passing of normal traffic. Traffic cleaning is mainly used to protect computers against DDoS attacks.

              U

                • U
                  UDP flood

                  See UDP flood attack

                  UDP flood attack

                  In a User Datagram Protocol (UDP) flood attack, the attacker sends a large number of typically large UDP packets over a botnet at very high rates, thereby exhausting server resources and causing servers unresponsive to normal user requests.