DDoS Protection Overview

Last updated: 2023-09-07 15:21:37

What is a DDoS attack?

A Distributed Denial of Service (DDoS) attack is a malicious attempt to make a targeted server unavailable by blocking its network bandwidth or overwhelming its system with a flood of internet traffic.

The Harm of DDoS Attacks

If a DDoS attack results in business interruption or damage, it can lead to substantial commercial losses.
Significant Financial Loss: Following a DDoS attack, the origin server may be unable to provide services, preventing users from accessing your business, thereby resulting in substantial financial and brand damage.
Data Leakage: During a DDoS attack on your server, hackers may seize the opportunity to steal your business's core data.
Malicious Competition: In some industries, fierce competition exists, and competitors may resort to DDoS attacks to maliciously disrupt your services, thereby gaining an advantage in the industry competition.

Use Cases for DDoS Protection

Gaming: The gaming industry is a prime target for DDoS attacks. DDoS protection effectively ensures the availability and continuity of games, safeguarding a smooth experience for players. It also provides protection during events, new game releases, or peak revenue periods during holidays, ensuring the normal operation of the gaming business.
Internet: Ensuring smooth and uninterrupted access to internet web pages, particularly during significant events such as major ecommerce promotions, is crucial for maintaining normal business operations.
Finance: Anti-DDoS Pro helps the finance industry meet compliance requirements and provide fast, secure, and stable online transaction services to customers.
Government: Fulfills the security requirements of national government cloud construction standards, provides security assurance for major conferences, events, and sensitive periods, ensures the normal availability of public services, and maintains government credibility.
Enterprises: Ensure the continuous availability of enterprise site services, prevent economic and brand image losses caused by DDoS attacks, and save on security costs with zero hardware and maintenance.

Introduction to EdgeOne's Default DDoS Protection

DDoS Protection is a service provided by Tencent Cloud EdgeOne to defend against L3/L4 traffic-based DDoS attacks. EdgeOne offers fundamental DDoS protection capabilities to meet daily security operation needs. The platform-level basic DDoS protection is enabled by default and monitors network traffic in real time. When it detects a traffic-based DDoS attack, it immediately starts cleansing, so protection takes effect within seconds. The default DDoS protection applies a basic security policy built on attack profiling, behavior pattern analysis, AI-based recognition, and other protection algorithms, and it responds effectively to common DDoS attack behaviors.
| Protection Type | Description |
| --- | --- |
| Malformed message filtering | Filters out Frag Flood, Smurf, Stream Flood, and Land Flood attacks, as well as IP, TCP and UDP malformed packets. |
| Network Layer DDoS Attack Defense | Filters out UDP Flood, SYN Flood, TCP Flood, ICMP Flood, ACK Flood, FIN Flood, RST Flood, DNS/NTP/SSDP reflection attacks, and null connections. |
| DNS DDoS Attack | DNS DDoS attacks primarily encompass DNS Request Flood, DNS Response Flood, False Source + Real Source DNS Query Flood, Authoritative Server Attacks, and Local Server Attacks. |
| Connection-based DDoS Attacks | Connection-based DDoS attacks primarily refer to TCP slow connection attacks, connection exhaustion attacks, and slow attacks such as Loic, Hoic, Slowloris, Pyloris, and Xoic. |
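
To make the "malformed message filtering" row concrete, the following added example (not EdgeOne's implementation, and not code from the original page) shows the kind of stateless header checks such a filter performs on IPv4/TCP packets. The function names `build_packet` and `inspect` and the sample packets are hypothetical and constructed for illustration.

```python
import socket
import struct

FIN, SYN, RST = 0x01, 0x02, 0x04  # TCP flag bits used by the checks

def build_packet(src, dst, sport, dport, flags, frag_field=0):
    """Build a constructed IPv4+TCP packet (checksums zero) as sample input."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, frag_field,
                     64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

def inspect(pkt):
    """Return the reasons a packet is malformed; an empty list means it passes."""
    if len(pkt) < 20:
        return ["truncated IPv4 header"]
    ver_ihl, _, total_len, _, frag_field, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(pkt):
        return ["inconsistent IPv4 length fields"]
    reasons = []
    frag_off = (frag_field & 0x1FFF) * 8          # offset is stored in 8-byte units
    if frag_off + total_len > 65535:
        reasons.append("fragment exceeds maximum datagram size")
    if proto != 6 or frag_off != 0:               # TCP header only in first fragment
        return reasons
    tcp = pkt[ihl:total_len]
    if len(tcp) < 20:
        return reasons + ["truncated TCP header"]
    sport, dport, _, _, _, flags = struct.unpack("!HHIIBB", tcp[:14])
    if src == dst and sport == dport:
        reasons.append("Land packet: source equals destination")
    flags &= 0x3F
    if flags == 0:
        reasons.append("TCP packet with no flags set")
    if flags & SYN and flags & (FIN | RST):
        reasons.append("SYN combined with FIN or RST")
    return reasons

# Constructed samples: addresses are from the RFC 5737 documentation ranges.
SAMPLES = {
    "normal_syn": build_packet("192.0.2.10", "198.51.100.5", 40000, 443, SYN),
    "land": build_packet("198.51.100.5", "198.51.100.5", 443, 443, SYN),
    "syn_fin": build_packet("192.0.2.10", "198.51.100.5", 40000, 443, SYN | FIN),
    "oversize_frag": build_packet("192.0.2.10", "198.51.100.5", 40000, 443, SYN, 0x1FFF),
}

for name, pkt in SAMPLES.items():
    print(name, inspect(pkt) or "pass")
```

Checks like these need no per-connection state, which is why malformed-packet filtering can run at line rate ahead of the flood and connection-based defenses listed in the other rows.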

Introduction to EdgeOne's Independent DDoS Protection

Scenarios

Exclusive DDoS Protection is a paid feature offered by EdgeOne to enhance DDoS mitigation, providing exclusive access to a cleaning center. When the platform's default protection cannot meet the demands of your business's normal operation, you can use Exclusive DDoS Protection to help ensure your business runs smoothly. Once activated, it provides an exclusive high-defense IP for traffic cleaning, offering a promised protection bandwidth value based on the guaranteed protection capacity and elastic protection capacity you purchase.
Note:
Exclusive DDoS protection is only available for subscription with the EdgeOne Enterprise plan.

Capability Overview

1. The default access node utilizes a cleansing center, offering enhanced DDoS protection capabilities, reaching up to terabyte levels.
2. Committed protection capacity can be flexibly selected based on business deployment conditions, with options for global availability zones (excluding Mainland China), Mainland China availability zones, and global availability zones protection specifications.
3. In addition to automatic cleansing and identification mechanisms, EdgeOne DDoS Protection offers diverse and flexible custom DDoS protection strategies tailored to your business's defensive needs. You can flexibly set these strategies based on the unique characteristics of your business to counter constantly changing attack methods. For Layer 4 proxy instances, the following custom rule configuration capabilities are supported:
Note:
When a request matches multiple rules simultaneously, it is processed in the following rule order:
Protection Module
Note
In the event of a DDoS attack, access to EdgeOne sites is restricted by matching IP addresses against a blocklist and allowlist.
In the event of a DDoS attack, access to EdgeOne sites can be restricted by specifying a custom port range.
You can configure EdgeOne sites to only allow user access via specified protocols.
Protection against connection-based attacks is provided, automatically blocking clients exhibiting abnormal connection behavior.
In the event of a DDoS attack, you can customize interception strategies based on the characteristics of IP, TCP, and UDP packet headers or payloads.
In a DDoS attack, access to EdgeOne sites is restricted by matching regions.