edit-icon download-icon

How to determine the attack type by using Anti-DDoS Pro?

Last Updated: Mar 20, 2018

This article describes the method for you to identity the attack your Anti-DDoS Pro IP addresses suffer, from HTTP flood attack and DDoS attack.

Features of attacks

  • HTTP flood attack: mainly indicates layer-7 website connection attacks.
  • DDoS attack: mainly indicates layer-4 heavy traffic attacks.

Procedure

Follow these steps to identity the attack your Anti-DDoS Pro IP addresses suffer:

  1. Log on to the Alibaba Cloud Security Anti-DDoS console.

  2. Go to Anti-DDoS Pro > Security Report.

  3. Check attack records in the DDoS Protection and HTTP Flood Protection reports to determine the attack type.

    • For DDoS attack, you can find attack traffic record in the DDoS Protection report, and traffic cleaning is triggered. However, no associated record can be found in the HTTP Flood Protection report.

    • For HTTP flood attack, you can find attack traffic record in both of the DDoS Protection and HTTP Flood Protection reports, and traffic cleaning is triggered in the DDoS Protection report.

The DDoS Protection report only records layer-4 traffic. The HTTP flood are layer-7 attacks, and the relevant protection result can only be viewed in the HTTP Flood Protection report.

Thank you! We've received your feedback.