Anti-DDoS
User Guide
Issue |
01 |
Date |
2018-08-15 |
HUAWEI TECHNOLOGIES CO., LTD.
Copyright © Huawei Technologies Co., Ltd. 2021. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise fi in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every ff has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.
Issue 01 (2018-08-15) |
Copyright © Huawei Technologies Co., Ltd. |
i |
Anti-DDoS |
|
User Guide |
Contents |
Contents
1 Introduction.............................................................................................................................. |
|
|
1 |
|
1.1 |
Functions.................................................................................................................................................................................... |
|
|
1 |
1.2 |
Application Scenarios............................................................................................................................................................. |
|
2 |
|
1.3 |
Accessing and Using Anti-DDoS......................................................................................................................................... |
2 |
||
1.3.1 How to Access Anti-DDoS................................................................................................................................................. |
2 |
|||
1.3.2 How to Use Anti-DDoS...................................................................................................................................................... |
|
3 |
||
1.3.3 Related Services.................................................................................................................................................................... |
|
|
3 |
|
1.3.4 User Permissions.................................................................................................................................................................. |
|
|
4 |
|
2 Operation Guide...................................................................................................................... |
|
|
5 |
|
2.1 |
Enabling Anti-DDoS................................................................................................................................................................ |
|
|
5 |
2.2 |
Enabling Alarm |
fi |
n................................................................................................................................................ |
7 |
2.3 |
Adjusting Security Settings.................................................................................................................................................. |
8 |
||
2.4 |
Viewing a Monitoring Report........................................................................................................................................... |
11 |
||
2.5 |
Viewing an Interception Report....................................................................................................................................... |
12 |
||
3 FAQs.......................................................................................................................................... |
|
|
14 |
|
3.1 |
What Is Anti-DDoS?............................................................................................................................................................. |
|
|
14 |
3.2 |
What Services Can Anti-DDoS Protect?........................................................................................................................ |
14 |
||
3.3 |
How Do I Use Anti-DDoS?................................................................................................................................................. |
|
14 |
|
3.4 |
What Kinds of Attacks Does Anti-DDoS Defend Against?...................................................................................... |
14 |
||
3.5 |
Will I Be Promptly |
fi |
When an Attack Is Detected?..................................................................................... |
15 |
A Change History...................................................................................................................... |
|
|
16 |
Issue 01 (2018-08-15) |
Copyright © Huawei Technologies Co., Ltd. |
ii |
Anti-DDoS |
|
User Guide |
1 Introduction |
1Introduction
The Anti-DDoS ffi cleaning service (Anti-DDoS for short) defends elastic IP addresses (EIPs) against networkand application-layer distributed denial of service (DDoS) attacks and sends alarms immediately when detecting an attack. In addition, Anti-DDoS improves the utilization of bandwidth and ensures the stable running of users' services.
Anti-DDoS monitors the service |
ffi from the Internet to EIPs to detect attack |
||
ffi in real time. It then cleans attack |
ffi according to |
nfi |
defense policies so that services run as normal. In addition, monitoring reports are generated, presenting users with clear network security evaluations.
Anti-DDoS helps users cope with ffi attacks with ease. It can precisely identify connection exhaustion and slow-connection attacks and can help users defend against the following attacks:
●Web server attacks
|
Such as SYN fl |
HTTP fl |
Challenge Collapsar (CC), and slow- |
||
|
connection attacks |
|
|
|
|
● |
Game attacks |
|
|
|
|
|
Such as User Datagram Protocol (UDP) fl |
SYN fl |
Transmission Control |
||
|
Protocol (TCP), and fragment attacks |
|
|
||
● |
HTTPS server attacks |
|
|
|
|
|
Such as SSL DoS and DDoS attacks |
|
|
||
● |
DNS server attacks |
|
|
|
|
Such as attacks targeted at vulnerabilities in the Domain Name Server (DNS) protocol stack, DNS fl n attacks, DNS fl attacks, and DNS cachemiss attacks
Anti-DDoS also provides the following functions:
●Providing monitoring records for each EIP, including the current defense
status, current defense nfi |
n and the last 24 hours' ffi and |
abnormalities. |
|
Issue 01 (2018-08-15) |
Copyright © Huawei Technologies Co., Ltd. |
1 |
Anti-DDoS |
|
User Guide |
1 Introduction |
● |
Providing attack statistics reports on all protected EIPs, covering the ffi |
|
cleaning frequency, cleaned ffi amount, top 10 attacked EIPs, and number |
|
of blocked attacks. |
Anti-DDoS defends only EIPs against DDoS attacks.
Anti-DDoS devices are deployed at egresses of data centers. Figure 1-1 shows the network topology.
The detection center detects network access ffi according to nfi security policies. If an attack is detected, data is diverted to cleaning devices for real-time defense. Abnormal ffi is cleaned, and normal ffi is forwarded.
Figure 1-1 Network topology
1.3Accessing and Using Anti-DDoS
1.3.1How to Access Anti-DDoS
Anti-DDoS provides a web-based service management platform. You can access Anti-DDoS using the management console or HTTPS-based application programming interfaces (APIs).
●Management console
Issue 01 (2018-08-15) |
Copyright © Huawei Technologies Co., Ltd. |
2 |
Anti-DDoS |
|
User Guide |
1 Introduction |
If you have registered an account, you can log in to the management console directly. On the home page, choose Security > Anti-DDoS to access the AntiDDoS service.
●HTTPS-compliant APIs
You can access Anti-DDoS using APIs. For details, see the Anti-DDoS API Reference.
1.3.2How to Use Anti-DDoS
Description:
●Anti-DDoS defends IP addresses against DDoS attacks after you enable it.
● Enable alarm n fi |
n which sends n fi |
n by SMS or email when an |
IP address is under a DDoS attack. |
|
●Adjust security settings based on service needs during defense.
●View monitoring and interception reports after the defense is enabled to check network security situations.
●You can disable Anti-DDoS defense as required.
CTS
Cloud Trace Service (CTS) provides you with a history of Anti-DDoS operations. After enabling CTS, you can view all generated traces to review and audit performed Anti-DDoS operations. For details, see the Cloud Trace Service User Guide.
●Anti-DDoS operations that can be recorded by CTS
Table 1-1 Anti-DDoS operations that can be recorded by CTS
Operation |
Trace Name |
|
|
Enabling Anti-DDoS |
openAntiddos |
|
|
Disabling Anti-DDoS |
deleteAntiddos |
|
|
Adjusting Anti-DDoS security settings |
updateAntiddos |
|
|
●Using CTS to view Anti-DDoS audit logs
a.Log in to the management console.
b.Select Cloud Trace Service under Management & Deployment.
c.In the left navigation pane, choose Trace List.
d. You can use fi |
to query traces. The following four fi |
are available: |
▪Trace Source, Resource Type, and Search By
○Select query conditions from the drop-down list, for example, choose Anti-DDoS > anti-ddos > Trace name > openAntiddos to query all Anti-DDoS enabling operations.
Issue 01 (2018-08-15) |
Copyright © Huawei Technologies Co., Ltd. |
3 |