When the public IP of an ECS or SLB instance is under a massive DDoS attack, and its traffic exceeds the corresponding blackhole threshold, the IP is then black-holed, which leads to server unavailability.
In this situation, you can view details of the DDoS event and know the reason as to why the IP was black-holed in the Alibaba Cloud Anti-DDoS Basic console.
- Log on to the Anti-DDoS Basic console.
- Select the region.
- On the ECS, SLB, or EIP( including NAT) instance type tab. page, select the
- In the instance list, locate the target instance, whose Status is Black hole activated.
Note You can search for target instances by Instance ID, Instance Name, or Instance IP.
- Click the instance IP to view the time that the instance was black-holed and the traffic that it suffered during the attack.