How it Works
Huawei
Loading...
Anti-DDoS
User Manual
19 pgs369.66 Kb0
Table of contents
Loading...

Huawei Anti-DDoS User Manual

Anti-DDoS
User Guide
Issue 01
Date 2018-08-15
HUAWEI TECHNOLOGIES CO., LTD.
Copyright © Huawei Technologies Co., Ltd. 2021. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specied in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every eort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.
Issue 01 (2018-08-15) Copyright © Huawei Technologies Co., Ltd. i
Anti-DDoS User Guide Contents

Contents

1 Introduction.............................................................................................................................. 1
1.1 Functions.................................................................................................................................................................................... 1
1.2 Application Scenarios............................................................................................................................................................. 2
1.3 Accessing and Using Anti-DDoS.........................................................................................................................................2
1.3.1 How to Access Anti-DDoS.................................................................................................................................................2
1.3.2 How to Use Anti-DDoS...................................................................................................................................................... 3
1.3.3 Related Services.................................................................................................................................................................... 3
1.3.4 User Permissions.................................................................................................................................................................. 4
2 Operation Guide...................................................................................................................... 5
2.1 Enabling Anti-DDoS................................................................................................................................................................5
2.2 Enabling Alarm Notication................................................................................................................................................ 7
2.3 Adjusting Security Settings.................................................................................................................................................. 8
2.4 Viewing a Monitoring Report........................................................................................................................................... 11
2.5 Viewing an Interception Report....................................................................................................................................... 12
3 FAQs.......................................................................................................................................... 14
3.1 What Is Anti-DDoS?............................................................................................................................................................. 14
3.2 What Services Can Anti-DDoS Protect?........................................................................................................................ 14
3.3 How Do I Use Anti-DDoS?................................................................................................................................................. 14
3.4 What Kinds of Attacks Does Anti-DDoS Defend Against?......................................................................................14
3.5 Will I Be Promptly
Notied When an Attack Is Detected?..................................................................................... 15
A Change History...................................................................................................................... 16
Issue 01 (2018-08-15) Copyright © Huawei Technologies Co., Ltd. ii
Anti-DDoS User Guide 1 Introduction

1 Introduction

1.1 Functions

The Anti-DDoS trac cleaning service (Anti-DDoS for short) defends elastic IP addresses (EIPs) against network- and application-layer distributed denial of service (DDoS) attacks and sends alarms immediately when detecting an attack. In addition, Anti-DDoS improves the utilization of bandwidth and ensures the stable running of users' services.
Anti-DDoS monitors the service trac in real time. It then cleans attack trac according to user-congured defense policies so that services run as normal. In addition, monitoring reports are generated, presenting users with clear network security evaluations.
Anti-DDoS helps users cope with trac attacks with ease. It can precisely identify connection exhaustion and slow-connection attacks and can help users defend against the following attacks:
Web server attacks
Such as SYN connection attacks
Game attacks
Such as User Datagram Protocol (UDP) Protocol (TCP), and fragment attacks
HTTPS server attacks
Such as SSL DoS and DDoS attacks
ood, HTTP ood, Challenge Collapsar (CC), and slow-
trac from the Internet to EIPs to detect attack
ood, SYN ood, Transmission Control
DNS server attacks
Such as attacks targeted at vulnerabilities in the Domain Name Server (DNS) protocol stack, DNS reection attacks, DNS ood attacks, and DNS cache­miss attacks
Anti-DDoS also provides the following functions:
Providing monitoring records for each EIP, including the current defense status, current defense abnormalities.
Issue 01 (2018-08-15) Copyright © Huawei Technologies Co., Ltd. 1
congurations, and the last 24 hours' trac and
Anti-DDoS User Guide 1 Introduction
Providing attack statistics reports on all protected EIPs, covering the trac cleaning frequency, cleaned trac amount, top 10 attacked EIPs, and number of blocked attacks.

1.2 Application Scenarios

Anti-DDoS defends only EIPs against DDoS attacks.
Anti-DDoS devices are deployed at egresses of data centers. Figure 1-1 shows the network topology.
The detection center detects network access security policies. If an attack is detected, data is diverted to cleaning devices for real-time defense. Abnormal
Figure 1-1 Network topology
trac is cleaned, and normal trac is forwarded.
trac according to user-congured

1.3 Accessing and Using Anti-DDoS

1.3.1 How to Access Anti-DDoS

Anti-DDoS provides a web-based service management platform. You can access Anti-DDoS using the management console or HTTPS-based application programming interfaces (APIs).
Management console
Issue 01 (2018-08-15) Copyright © Huawei Technologies Co., Ltd. 2
Anti-DDoS User Guide 1 Introduction
If you have registered an account, you can log in to the management console directly. On the home page, choose Security > Anti-DDoS to access the Anti­DDoS service.
HTTPS-compliant APIs
You can access Anti-DDoS using APIs. For details, see the
Reference
.
Anti-DDoS API

1.3.2 How to Use Anti-DDoS

Description:
Anti-DDoS defends IP addresses against DDoS attacks after you enable it.
Enable alarm notication, which sends notications by SMS or email when an IP address is under a DDoS attack.
Adjust security settings based on service needs during defense.
View monitoring and interception reports after the defense is enabled to check network security situations.
You can disable Anti-DDoS defense as required.

1.3.3 Related Services

CTS
Cloud Trace Service (CTS) provides you with a history of Anti-DDoS operations. After enabling CTS, you can view all generated traces to review and audit performed Anti-DDoS operations. For details, see the
.
Guide
Anti-DDoS operations that can be recorded by CTS
Table 1-1 Anti-DDoS operations that can be recorded by CTS
Operation
Enabling Anti-DDoS openAntiddos
Disabling Anti-DDoS deleteAntiddos
Adjusting Anti-DDoS security settings updateAntiddos
Using CTS to view Anti-DDoS audit logs
a. Log in to the management console.
b. Select Cloud Trace Service under Management & Deployment.
c. In the left navigation pane, choose Trace List.
d. You can use lters to query traces. The following four lters are available:
Cloud Trace Service User
Trace Name
Trace Source, Resource Type, and Search By
Select query conditions from the drop-down list, for example,
choose Anti-DDoS > anti-ddos > Trace name > openAntiddos to query all Anti-DDoS enabling operations.
Issue 01 (2018-08-15) Copyright © Huawei Technologies Co., Ltd. 3
Loading...
+ 13 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use