All Products
Search

This Product

    Anti-DDoS:Scenarios

    Document Center

    Anti-DDoS:Scenarios

    Last Updated:Oct 16, 2023

    Anti-DDoS Origin Enterprise protects your resources against Layer 3 and Layer 4 distributed denial-of-service (DDoS) attacks. When the bandwidth consumed by DDoS attacks exceeds the default scrubbing threshold that is predefined in Anti-DDoS Origin Enterprise, traffic scrubbing is automatically triggered to protect against DDoS attacks.

    Overview

    Anti-DDoS Origin Enterprise is suitable for large-scale services that are deployed on Alibaba Cloud and require high network quality. The risk of your services being exposed to DDoS attacks is low. However, if a DDoS attack occurs, it can cause you to suffer service interruptions and significant economic losses. Anti-DDoS Origin Enterprise delivers high protection capabilities against DDoS attacks and reduces potential risks at minimal cost. Anti-DDoS Origin Enterprise is suitable for the following scenarios:

    • The resources are deployed on Alibaba Cloud.

    • A large number of public IP addresses need to be protected.

    • The services require high bandwidth or have high queries per second (QPS).

    • IPv6-based requests exist.

    Attack types

    Attack type

    Security specification (recommended)

    Reflection attacks such as Simple Service Discovery Protocol (SSDP), Network Time Protocol (NTP), and Memcached attacks.

    We recommend that you use the deployment method that integrates Anti-DDoS Origin Enterprise, Application Load Balancer (ALB) or Classic Load Balancer (CLB), and Elastic Compute Service (ECS). You can use Server Load Balancer (SLB) to drop inbound traffic whose protocol and port are not specified in the SLB listener.

    UDP flood attacks

    SYN flood attacks (large packets)

    SYN flood attacks (small packets)

    Connection flood attacks

    HTTP flood attacks

    We recommend that you integrate Anti-DDoS Origin Enterprise with Web Application Firewall (WAF) to use WAF to defend against HTTP flood attacks and use Anti-DDoS Origin Enterprise to defend against DDoS attacks.

    Web attacks

    Business scenarios

    Service type

    Security specification (recommended)

    Websites

    • To protect your website against just DDoS attacks:

      We recommend that you use the deployment method that integrates Anti-DDoS Origin Enterprise, Application Load Balancer (ALB) or Classic Load Balancer (CLB), and Elastic Compute Service (ECS). You can use Server Load Balancer (SLB) to drop inbound traffic whose protocol and port are not specified in the SLB listener.

    • To protect your website against DDoS attacks, HTTP flood attacks, and web attacks:

      We recommend that you integrate Anti-DDoS Origin Enterprise with Web Application Firewall (WAF) to use WAF to defend against HTTP flood attacks and use Anti-DDoS Origin Enterprise to defend against DDoS attacks.

    Games

    We recommend that you use Anti-DDoS Origin Enterprise to protect your assets and IP addresses. You can use EIPs integrated with Anti-DDoS Pro/Premium to mitigate DDoS attacks at the Tbit/s level.

    UDP-based services

    Apps

    We recommend that you use the deployment method that integrates Anti-DDoS Origin Enterprise, Application Load Balancer (ALB) or Classic Load Balancer (CLB), and Elastic Compute Service (ECS). You can use Server Load Balancer (SLB) to drop inbound traffic whose protocol and port are not specified in the SLB listener.