How Anti-DDoS Basic works

Last Updated: Oct 16, 2017

Anti-DDoS Basic service currently supports BGP and DNS redirection technologies. Its dominant protection mode is passive cleansing, supplemented by active suppression. The service comprehensively manages DDoS attacks, freeing you from any worries.
On the basis of conventional technologies, such as proxy, detection, rebound, authentication, black/white lists, and message compliance, Alibaba Cloud Anti-DDoS Basic service also integrates web security and filtering, reputation analysis, Layer-7 application analysis, user behavior analysis, feature learning, defense and counter-work and other technologies. Therefore, the service is capable of blocking and filtering threats, ensuring that protected users are still able to provide services even when under attack.
The present Anti-DDoS system built by Alibaba Cloud is capable of offering T-level defense capacity. Meanwhile, Alibaba Cloud is also expanding its protection nodes in various regions.

Based on independently developed Alibaba Cloud Security, Alibaba Cloud offers anti-DDoS service to defend against Layer-3 to Layer-7 DDoS attacks such as SYN flood, UDP flood, ACK flood, ICMP flood, DNS Query flood, NTP Reply flood and HTTP flood attacks. The attack types protected against by Anti-DDoS Basic service are listed in the figure below:

Anti-DDoS Basic service protection

Anti-DDoS Basic service builds DDoS attack detection and cleansing systems at the egress of Alibaba Cloud data centers and mainly adopts offline architecture.
The network topology of Anti-DDoS Basic service is illustrated as follows:

Anti-DDoS Basic architecture

Thank you! We've received your feedback.