After you add your service to Anti-DDoS Pro or Anti-DDoS Premium, you can view the events and details of attacks on the Attack Analysis page. This gives you an overview of the protection status. You can also provide feedback on the protection effect. This topic describes how to view information on the Attack Analysis page.

Prerequisites

  • An Anti-DDoS Pro or Anti-DDoS Premium instance is purchased.

    For more information about how to purchase an Anti-DDoS Pro or Anti-DDoS Premium instance, see Purchase mitigation plans for Anti-DDoS Pro and Anti-DDoS Premium.

  • Your service is added to Anti-DDoS Pro or Anti-DDoS Premium.

    For more information about how to add website services, see Add a website.

    For more information about how to add non-website services, such as client gaming, mobile gaming, and app services, see Create forwarding rules.

Background information

The Attack Analysis page in the Anti-DDoS Pro or Anti-DDoS Premium console displays the events and details of DDoS attacks. The attacks include web resource exhaustion attacks, connection flood attacks, and volumetric attacks. On the Attack Analysis page, you can view information about an attack event, such as the attack target, start time, end time, and peak attack traffic. You can also provide feedback on the protection effect.

For more information about DDoS attack types, see Common DDoS attack types.

On the Attack Analysis page, event details are available only for volumetric DDoS attacks. The details include the source IP addresses, attack types, and source locations. This visualizes the attack mitigation process and improves the experience of protection analysis.
Note: You cannot view the event details of connection flood attacks and web resource exhaustion attacks.

Procedure

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select the region where your instance resides.
    • Mainland China: If you select this region, the Anti-DDoS Pro console appears.
    • Outside Mainland China: If you select this region, the Anti-DDoS Premium console appears.
    You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.
  3. In the left-side navigation pane, choose Investigation > Attack Analysis.
  4. On the Attack Analysis page, select an attack type and a time range to query attack events.
    • Attack type: Select Web Resource Exhaustion Attack, Connection Flood Attack, Volumetric Attack, or All attack types.
    • Time range: Select One Day, Seven Days, or One Month. Alternatively, specify a custom time range. A custom time range must be within the last 180 days.
    The Attack Analysis page displays the following information:
    • In the upper part of the page, Peak of Volumetric Attack (bps), Peak of Connection Flood Attack (cps), and Peak of Web Resource Exhaustion Attack (qps) are displayed.
    • In the lower part of the page, the attack events are displayed. The information about each attack event includes Attack type, Attack target, Starting and ending time, and Peak of Attack.

    If you have suggestions or questions about the protection effect on an attack event, click Feedback in the Actions column to submit your feedback. All suggestions are greatly appreciated.

  5. Optional: View the details of a Volumetric Attack event.
    You can view the details of a Volumetric Attack event. You cannot view the event details of connection flood attacks and web resource exhaustion attacks.

    On the Attack Analysis page, find a Volumetric Attack event and click View details in the Actions column. The Details of the incident page appears. You can view the event details and configure protection settings.

    The Details of the incident page displays the following information:
    • In the upper part of the page, Attack Time, Attack Target, Peak of attack bandwidth (Gbps), and Peak of attack packet (Kpps) are displayed. You can click Mitigation Settings for Attack Target to go to the General Policies page. On this page, you can modify the protection settings.
    • Attack protection details: displays the trends of inbound and outbound traffic, traffic scrubbing bandwidth, and traffic scrubbing packets during the attack.
    • Attack source IP: displays the source locations and IP addresses of the attack. The list displays the top 10 IP addresses from which the most attacks are initiated. You can click More to view information about the top 100 IP addresses.

      If you want to block traffic from specific IP addresses, click Blacklist Settings in the lower-left corner of the Attack source IP section. On the General Policies page, configure Blacklist and Whitelist (Instance IP). For more information, see Configure the IP address blacklist and whitelist for an Anti-DDoS Pro or Anti-DDoS Premium instance.

    • Attack source area: displays the distribution of locations from which attack traffic originates. You can click More to view the distributions of requests from different locations.

      If you want to block traffic from specific locations, click Geo-blocking Settings in the lower-left corner of the Attack source area section. On the General Policies page, configure Blocked Regions. For more information, see Configure blocked regions.

    • Attack type: displays the distribution of attack types. You can click More to view the distributions of different attack types.
    • Optional: Attack source ISP: displays the distribution of Internet service providers (ISPs) from which attack traffic originates. You can click More to view the distributions of requests from different ISP networks.
      Note: The Attack source ISP section is available only in the Anti-DDoS Pro console.