Alibaba Cloud Anti-DDoS Basic
Alibaba Cloud Anti-DDoS Basic is a cloud-based security service that integrates with Alibaba Cloud ECS instances to safeguard your data and applications from DDoS attacks, and provides increased visibility and control over your security measures.
Built using Intel® Xeon® E5-2600 v3 processor family, Alibaba Cloud Anti-DDoS Basic delivers record-breaking performance that gives you the power and capacity to fuel your best business ideas and handle data-demanding and transaction-intensive applications.
For more information, see the Anti-DDoS Basic product details page.
- Security credibility planYou can enjoy an extra DDoS mitigation capacity on top of the default offering based on your security credibility score.
- Extensive protection scenariosAnti-DDoS Basic defends against various DDoS attacks, including but not limited to ICMP flood, UDP flood, TCP flood, SYN flood, and ACK flood attacks.
- Scalable DDoS mitigation capacityBy improving your credibility score, you can get more extra DDoS mitigation capacity.
- Shortened black hole durationWith security credibility, the default black hole duration triggered by extreme attacks can be shortened, bringing your business back to life faster.
- Maintainable security credibilityYou can learn the scoring criteria of the security credibility score and take the initiative to improve it.
Anti-DDoS Basic works
Anti-DDoS Basic currently supports BGP and DNS redirection technologies. Its dominant protection mode is passive cleansing, supplemented by active suppression. The service comprehensively manages DDoS attacks.
On the basis of conventional technologies, such as proxy, detection, rebound, authentication, black/white lists, and message compliance, Alibaba Cloud Anti-DDoS Basic also integrates web security and filtering, reputation analysis, Layer-7 application analysis, user behavior analysis, feature learning, defense and counter-work, and other technologies. This service can block and filter threats, and guarantees that the protected users are secured even during the attack.
The present Anti-DDoS system built by Alibaba Cloud offers T-level defense capacity. Meanwhile, Alibaba Cloud is also expanding its protection nodes in various regions.Based on independently developed Alibaba Cloud Security, Alibaba Cloud offers anti-DDoS service to defend against Layer-3 to Layer-7 DDoS attacks such as SYN flood, UDP flood, ACK flood, ICMP flood, DNS Query flood, NTP Reply flood, and HTTP flood attacks. The attacks protected against by Anti-DDoS Basic service are listed in the following figure:
Anti-DDoS Basic builds DDoS attack detection and cleansing systems at the egress of Alibaba Cloud data centers and mainly adopts the bypass deployment architecture. The network topology of Anti-DDoS Basic service is illustrated as follows:
Alibaba Cloud Security Anti-DDoS Basic service provides the following functions.
Type | Feature | Description |
---|---|---|
Attack protection | Malformed message filtering | Filters frag flood, smurf, stream flood, and land flood attacks. |
Attack protection | Malformed message filtering | Filters malformed IP packets, TCP packets and UDP packets. |
Attack protection | DDoS attack protection on transport layer | Filters syn flood, ack flood, udp flood, icmp flood, and rstflood attacks. |
Management | Attack evidence collection | Captures abnormal traffic packets automatically. |
Management | Attack event management | Supports management statistics about attack events and attack traffics. |