In the Anti-DDoS Pro console, you can view a list of black hole events for all assets
that belong to an account. For example, you can view the time point when a black hole
is enabled for an asset and a list of IP addresses from which attacks originate.
Background information
The public IP address of an Elastic Compute Service (ECS) or Server Load Balancer
(SLB) instance may experience a large number of distributed denial of service (DDoS)
attacks. If the throughput of these attacks exceeds the predefined black hole triggering
threshold, all traffic to the public IP address is routed to a black hole. Your businesses
are no longer accessible by clients because all exterior traffic is dropped.
The black hole triggering threshold for an instance changes based on the region where
the instance resides. For more information about black holes, see Alibaba Cloud black hole policies.
Procedure
- Log on to the Alibaba Cloud Anti-DDoS Basic console.
- On the top of the Assets page, select a region.
- Select the ECS, SLB, EIP (including NAT), or Others tab based on the type of cloud service for which you want to configure a cleaning
threshold.
- In a list of instances, find the target instance and click the IP address of the instance.
If excessive instances exist, we recommend that you search for the target instance
by using the
instance ID,
instance name, or
instance IP as the search condition.

- On the Instance Details page, view a list of historical black hole events where the Event is Black Hole and view the peak traffic for each attack.
The
Start time and
End time of a black hole event are displayed.
Note If no black hole or scrubbing event for an asset exists, no result is displayed in
the event list.
- Optional: In the Operation column of the target event, click Download. You can use the downloaded packet file for the attack event as evidence of criminal
activity. You can send the evidence to the Internet Crime Reporting Center.