Solution and Prevention Measures

You can take measures to defend against UDP amplification attacks based on service requirements. The following provides some recommended protection measures for your reference.

• Pay attention to the latest security advisories and bulletins released by security vendors, and implement targeted protection policies against such attacks in a timely manner.
• Use firewalls to control access to the UDP ports of ECSs.
• Configure security groups to control access to UDP ports. For details, see Configuring Security Group Rules.
• Configure local IP addresses, disable external access, disable the UDP protocol, and enable login authentication.
• Adjust some parameters and restart the server to disable UDP.
• Create a profile of normal packet sizes based historical data, so you can easily detect overly small or overly large packets that may be part of the attack traffic.