Help Center/ Elastic Cloud Server/ FAQs/ ECS Security Check FAQ/ How Does an ECS Defend Against DDoS Attacks?
Updated on 2024-09-29 GMT+08:00

How Does an ECS Defend Against DDoS Attacks?

What Is a DDoS Attack?

Denial of Service (DoS) attacks, also known as flood attacks, intend to exhaust the network or system resources on the target computer, causing service interruption or suspension. Consequently, legitimate users fail to access network services. When an attacker uses multiple compromised computers on the network as attack machines to launch DoS attacks to specific targets, the attacks are called Distributed Denial of Service (DDoS) attacks.

What Is Anti-DDoS?

Anti-DDoS defends ECSs against DDoS attacks and sends real time alarms when detecting attacks. In addition, Anti-DDoS improves the bandwidth utilization to further safeguard your services.

Anti-DDoS monitors the service traffic from the Internet to public IP addresses and detects attack traffic in real time. It then scrubs attack traffic based on user-configured defense policies without interrupting service running. It also generates monitoring reports that provide visibility into the security of network traffic.

Anti-DDoS

Anti-DDoS defends ECSs against DDoS attacks and sends real time alarms when detecting attacks. In addition, Anti-DDoS improves the bandwidth utilization to further safeguard your services.

Anti-DDoS monitors the service traffic from the Internet to public IP addresses and detects attack traffic in real time. It then scrubs attack traffic based on user-configured defense policies without interrupting service running. It also generates monitoring reports that provide visibility into the security of network traffic.

Anti-DDoS helps you mitigate the following attacks:

  • Web server attacks

    Include SYN flood, HTTP flood, Challenge Collapsar (CC), and low-rate attacks

  • Game attacks

    Include User Datagram Protocol (UDP) flood, SYN flood, TCP-based, and fragmentation attacks

  • HTTPS server attacks

    Include SSL DoS and DDoS attacks

  • DNS server attacks

    Include attacks exploiting DNS protocol stack vulnerabilities, DNS reflection attacks, DNS flood attacks, and DNS cache miss attacks

Anti-DDoS also provides the following functions:

  • Monitors a single EIP and offers a monitoring report, covering the current protection status, protection settings, and the traffic and anomalies within the last 24 hours.
  • Provides attack statistics reports on all protected EIPs, covering the traffic scrubbing frequency, scrubbed traffic amount, top 10 attacked EIPs, and number of blocked attacks.