Anti-DDoS Pro provides four layer-4 cleaning modes against the IP-level flow cleaning policies for your choice.

Background information

Note Currently, cleaning mode change only supports CT/CU and International lines. Generally, new cleaning policies take effect several minutes after you change the cleaning mode.
  • Low: This mode uses loose cleaning policies with a relatively large threshold of the speed limit.
    • Filters packages with defining DDoS characteristics, such as UDP reflection attack packages and attack packages that do not meet TCP characteristics.
    • Filters defining SYN flood and ACK flood attacks.
    • Applies easing restrictions on access IPs and destination IPs, mostly on the speed limit side.
  • Medium: The default Medium mode uses normal cleaning policies.
    • Filters packages with defining DDoS characteristics, such as UDP reflection attack packages and attack packages that do not meet TCP characteristics.
    • Filters defining SYN flood and ACK flood attacks.
    • Applies restrictions on access IPs and destination IPs in a certain scope, mostly on the speed limit side.
    • Under circumstances, enables the reverse detection algorithm for the package filtering in a certain scope.
  • Emergency: This mode uses relative strict cleaning policies. It enables connection detection for each IP to block IPs that have too many connections.
    • Filters packages with defining DDoS characteristics, such as UDP reflection attack packages and attack packages that do not meet TCP characteristics.
    • Filters defining SYN flood and ACK flood attacks.
    • Discards UDP packages.
    • Applies restrictions on access IPs and destination IPs in a certain scope. Speed limits, malicious IP blocking, and connection limits are enabled.
  • High: This mode uses strict cleaning policies. It enables the origin authentication algorithm for package filtering under certain conditions.
    • Filters packages with defining DDoS characteristics, such as UDP reflection attack packages and attack packages that do not meet TCP characteristics.
    • Filters defining SYN flood and ACK flood attacks.
    • Discards UDP packages.
    • Applies restrictions on access IPs and destination IPs in a certain scope. Speed limits, malicious IP blocking, and connection limits are enabled.
    • Enables the reverse detection algorithm for the package filtering in a certain scope.
      Note As some clients may not respond normally to this algorithm, partial normal requests can be blocked.

By default, your Anti-DDoS Pro instance uses the Medium cleaning mode. You can change the 4-layer cleaning mode as you needed.

Procedure

  1. Log on to the Anti-DDoS Pro console.
  2. Go to the Asset > Instance List, choose an ISP line of an Anti-DDoS Pro instance, click Setting in the Protection Info column to go to the DDoS Attack Protection page for the instance.
    Note You can also go to the Protection > Setting > DDoS Attack Protection page, and manually locate the Anti-DDoS Pro instance.


  3. Click Cleaning Mode, locate the ISP line that you want to change the cleaning mode for, and click Change.

  4. Click to select a cleaning mode, and then click OK.

Result

After several minutes, the selected cleaning mode takes effect.