If you want to use Anti-DDoS Pro or Anti-DDoS Premium to protect your UDP service,
we recommend that you use the UDP Reflection Attacks Protection feature. You can
use this feature to configure filtering policies with a few clicks. Anti-DDoS
Pro or Anti-DDoS Premium then discards the UDP traffic over specific ports based on the
policies, which mitigates UDP reflection attacks. This topic describes how
to use the feature.
Prerequisites
- An Anti-DDoS Pro or Anti-DDoS Premium instance that uses the Enhanced function plan is purchased. For more information, see Purchase an Anti-DDoS Pro or Anti-DDoS Premium instance.
The feature is available only for an Anti-DDoS Pro or Anti-DDoS Premium instance that
uses the Enhanced function plan. If you use an Anti-DDoS Pro or Anti-DDoS Premium
instance that uses the Standard function plan, you must upgrade your instance before
you can use the feature. For more information, see Upgrade an instance.
- A forwarding rule over UDP is created on the Port Config page. For more information, see Manage forwarding rules.
The feature takes effect only on UDP traffic. Therefore, you can enable the feature
only after you add your UDP service to Anti-DDoS Pro or Anti-DDoS Premium.
If you do not create a forwarding rule or create only forwarding rules over TCP on
the Port Config page, Anti-DDoS Pro or Anti-DDoS Premium discards all UDP traffic by default. In
this situation, you do not need to configure the feature.
Procedure
- Log on to the Anti-DDoS Pro console.
- In the top navigation bar, select the region where your instance resides.
- Anti-DDoS Pro: If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.
- Anti-DDoS Premium: If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.
You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium
instances. Make sure that you select the required region when you use Anti-DDoS Pro
or Anti-DDoS Premium.
- In the left-side navigation pane, choose .
- On the Protection for Infrastructure tab, select the instance for which you want to configure the feature from the list
on the left.
You can search for the instance based on the instance ID or description.

- In the UDP Reflection Attacks Protection (For instance IP) section, click Change Settings.
Notice: The feature is available only for an Anti-DDoS Pro or Anti-DDoS Premium instance that
uses the Enhanced function plan. If you use an Anti-DDoS Pro or Anti-DDoS Premium
instance that uses the Standard function plan, click Upgrade to Enhanced to upgrade your instance.

- In the UDP reflection attacks mitigation settings panel, configure filtering policies to specify ports over which UDP reflection attacks
may be launched.
After the filtering policies are configured, Anti-DDoS Pro or Anti-DDoS Premium discards
the UDP traffic from the specified ports. If you configure forwarding rules over UDP
for multiple UDP services, the filtering policies take effect on all the UDP services.

You can use one of the following methods to configure filtering policies based on
your business requirements:
- One-click mitigation policy: Select policies from the list in the One-click mitigation policy section. We recommend that you use this method.
A policy contains a common type of UDP reflection attack and the port over which the
attack is launched. We recommend that you select all policies in the list to mitigate
UDP reflection attacks that are launched over the ports.
- Custom mitigation policies: In the Reflection source ports list field of the Custom mitigation policies section, enter the ports over which you want Anti-DDoS Pro or Anti-DDoS Premium to
discard the UDP traffic. The ports that you can enter must be within the range from
0 to 65535. You can enter up to 20 ports. Separate multiple ports with commas (,).
You can use this method to configure filtering policies only for ports that are not
in the list of the One-click mitigation policy section.
- Click OK.
After filtering policies are configured, Anti-DDoS Pro or Anti-DDoS Premium discards
the UDP traffic over the ports that are specified in the filtering policies. This
way, your UDP service is protected against UDP reflection attacks. You can modify
the filtering policies in the Anti-DDoS Pro or Anti-DDoS Premium console based on
your business requirements.
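
The following Python sketch is an added example, not part of the original topic or of any Alibaba Cloud tooling. It ranks inbound UDP source ports from flow records and builds a value for the Reflection source ports list field within the limits stated above (ports from 0 to 65535, up to 20 ports, separated with commas). The function names, the sample flows, and the ASSUMED_ONE_CLICK set (a stand-in for the console's one-click list, which this topic does not enumerate) are assumptions.

```python
from collections import Counter

MAX_PORTS = 20  # limit stated in this topic for custom mitigation policies
# Assumption: stand-in for the console's one-click list, which this topic
# does not enumerate. Replace it with the policies shown in your console.
ASSUMED_ONE_CLICK = {19, 53, 123, 161, 389, 1900, 11211}

def parse_port_list(text):
    """Validate a field value: comma-separated ports, 0-65535, at most 20."""
    ports = []
    for item in text.split(","):
        item = item.strip()
        if not item.isdigit() or not 0 <= int(item) <= 65535:
            raise ValueError(f"invalid port: {item!r}")
        if int(item) not in ports:  # drop duplicates, keep first-seen order
            ports.append(int(item))
    if len(ports) > MAX_PORTS:
        raise ValueError(f"{len(ports)} ports given, limit is {MAX_PORTS}")
    return ports

def suggest_custom_ports(flows, keep_ports=(), one_click=ASSUMED_ONE_CLICK,
                         min_share=0.05):
    """Rank inbound UDP source ports by byte share and return the field value.

    flows: iterable of (src_port, bytes) for UDP traffic reaching the instance.
    keep_ports: source ports your service legitimately receives traffic from.
    """
    by_port = Counter()
    for src_port, nbytes in flows:
        by_port[src_port] += nbytes
    total = sum(by_port.values()) or 1
    picked = [p for p, b in by_port.most_common()
              if b / total >= min_share
              and p not in one_click and p not in keep_ports]
    return ",".join(str(p) for p in picked[:MAX_PORTS])

# Constructed sample: (source port, bytes) pairs, not real traffic.
SAMPLE_FLOWS = [
    (3702, 48000), (3702, 51000),   # WS-Discovery replies
    (5683, 30000),                  # CoAP replies
    (123, 90000),                   # NTP, assumed covered by one-click
    (40001, 300), (51514, 280), (33012, 310),  # clients on ephemeral ports
    (4500, 25000),                  # upstream peer the service depends on
]

if __name__ == "__main__":
    value = suggest_custom_ports(SAMPLE_FLOWS, keep_ports={4500})
    print(value, parse_port_list(value))
```

Ports passed in keep_ports are never suggested, which matters because the filtering policies take effect on all UDP services that have forwarding rules on the instance.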