Alibaba Cloud integrates advanced security technologies and years of experience in DDoS mitigation into a variety of commercial anti-DDoS solutions. You can select an anti-DDoS solution based on your service requirements. This topic describes how to select anti-DDoS solutions for different scenarios.
Scenarios
Scenario | Applicable scope | Description | Mitigation plan |
---|---|---|---|
High-risk DDoS attacks (Anti-DDoS Pro or Anti-DDoS Premium is recommended.) |
|
Anti-DDoS Pro and Anti-DDoS Premium can protect Alibaba Cloud Elastic Compute Service (ECS) instances and servers that are not deployed on Alibaba Cloud from volumetric DDoS attacks. They can route network traffic to the Alibaba Cloud global anti-DDoS network by using DNS resolution, scrub volumetric and resource exhaustion attack traffic, and hide the IP addresses of origin servers. | Select a mitigation plan for Anti-DDoS Pro or Anti-DDoS Premium based on the following
descriptions:
|
Low-risk DDoS attacks on large-scale services (Anti-DDoS Origin is recommended.) |
|
Anti-DDoS Origin improves the DDoS mitigation capabilities of Alibaba Cloud services. These services include ECS, Server Load Balancer (SLB), Web Application Firewall (WAF), and Elastic IP Address (EIP). Anti-DDoS Origin uses the native protection network of Alibaba Cloud to mitigate volumetric DDoS attacks without changing the IP addresses of origin servers. |
Select a mitigation plan for Anti-DDoS Origin based on the following descriptions:
|
DDoS attacks on mobile applications (GameShield is recommended.) |
|
GameShield can mitigate volumetric DDoS attacks and HTTP flood attacks in the gaming industry. GameShield integrates the lightweight Alibaba Cloud Security SDKs to eliminate DDoS attacks, HTTP flood attacks, and TCP flood attacks that are specific to the gaming industry faced by mobile applications. | None. |
Service types
Service type | Anti-DDoS Pro and Anti-DDoS Premium | Anti-DDoS Origin | GameShield |
---|---|---|---|
Websites | √ | √ | × |
UDP-based services | √ | × | √ |
Applications | √ | √ | × |
Games | √ | × | √ (Recommended) |
DDoS attack types
- √: indicates that mitigation is supported
- x: indicates that mitigation is not supported
Attack type | Anti-DDoS Pro and Anti-DDoS Premium | Anti-DDoS Origin | GameShield |
---|---|---|---|
Malformed packet attacks | √ | √ | √ |
Transport layer DDoS attacks | √ | √
Anti-DDoS Origin can mitigate SYN flood attacks (packet fragment attacks), but the mitigation capability is limited. In this case, we recommend that you use Anti-DDoS Pro or Anti-DDoS Premium. |
√ |
DNS DDoS attacks | √ | ×
We recommend that you use WAF and Anti-DDoS Origin Enterprise. |
× |
Connection-based DDoS attacks | √ | ×
We recommend that you use WAF and Anti-DDoS Origin Enterprise. |
√ |
Application-layer attacks | √ | ×
We recommend that you use WAF and Anti-DDoS Origin Enterprise. |
× |