- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Billing Overview
- Basic Service Fees
- Value-added Service Fees
- Related Tencent Cloud Services
- Extra Package Description (Prepaid)
- Subscriptions
- Renewals
- Overdue and Expiration Policies
- Refund Policy
- Usage Cap Policy
- EdgeOne Plan Upgrade Guide
- Comparison of EdgeOne Plans
- About "clean traffic" billing instructions
- Getting Started
- Domain Service
- Site Acceleration
- Origin Configuration
- Edge Functions
- Overview
- Getting Started
- Operation Guide
- Runtime APIs
- Sample Functions
- Returning an HTML Page
- Returning a JSON Object
- Fetch Remote Resources
- Authenticating a Request Header
- Modifying a Response Header
- Performing an A/B Test
- Setting Cookies
- Performing Redirect Based on the Request Location
- Using the Cache API
- Caching POST Requests
- Responding in Streaming Mode
- Merging Resources and Responding in Streaming Mode
- Protecting Data from Tampering
- Rewriting a m3u8 File and Configuring Authentication
- Adaptive Image Resize
- Image Adaptive WebP
- Custom Referer Anti-leeching
- Remote Authentication
- HMAC Digital Signature
- Naming a Downloaded File
- Obtaining Client IP Address
- Best Practices
- Security Protection
- Overview
- DDoS Protection
- DDoS Protection Overview
- Exclusive DDoS Protection Usage
- Configuration of Exclusive DDoS protection Rules
- Web Protection
- Bot Management
- Rules Template
- IP and IP Segment Grouping
- Origin Protection
- Alarm Notification
- Rule Engine
- L4 Proxy
- Data Analysis&Log Service
- Tool Guide
- Best Practices
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Site APIs
- Acceleration Domain Management APIs
- Site Acceleration Configuration APIs
- Alias Domain APIs
- Security Configuration APIs
- Layer 4 Application Proxy APIs
- CreateL4Proxy
- ModifyL4Proxy
- ModifyL4ProxyStatus
- DescribeL4Proxy
- DeleteL4Proxy
- CreateL4ProxyRules
- ModifyL4ProxyRules
- ModifyL4ProxyRulesStatus
- DescribeL4ProxyRules
- DeleteL4ProxyRules
- CreateApplicationProxy
- ModifyApplicationProxy
- ModifyApplicationProxyStatus
- DescribeApplicationProxies
- DeleteApplicationProxy
- CreateApplicationProxyRule
- ModifyApplicationProxyRule
- ModifyApplicationProxyRuleStatus
- DeleteApplicationProxyRule
- Content Management APIs
- Data Analysis APIs
- Log Service APIs
- Billing APIs
- Certificate APIs
- Load Balancing APIs
- Diagnostic Tool APIs
- Version Management APIs
- Data Types
- Error Codes
- FAQs
- Agreements
- TEO Policy
- Contact Us
- Glossary
- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Billing Overview
- Basic Service Fees
- Value-added Service Fees
- Related Tencent Cloud Services
- Extra Package Description (Prepaid)
- Subscriptions
- Renewals
- Overdue and Expiration Policies
- Refund Policy
- Usage Cap Policy
- EdgeOne Plan Upgrade Guide
- Comparison of EdgeOne Plans
- About "clean traffic" billing instructions
- Getting Started
- Domain Service
- Site Acceleration
- Origin Configuration
- Edge Functions
- Overview
- Getting Started
- Operation Guide
- Runtime APIs
- Sample Functions
- Returning an HTML Page
- Returning a JSON Object
- Fetch Remote Resources
- Authenticating a Request Header
- Modifying a Response Header
- Performing an A/B Test
- Setting Cookies
- Performing Redirect Based on the Request Location
- Using the Cache API
- Caching POST Requests
- Responding in Streaming Mode
- Merging Resources and Responding in Streaming Mode
- Protecting Data from Tampering
- Rewriting a m3u8 File and Configuring Authentication
- Adaptive Image Resize
- Image Adaptive WebP
- Custom Referer Anti-leeching
- Remote Authentication
- HMAC Digital Signature
- Naming a Downloaded File
- Obtaining Client IP Address
- Best Practices
- Security Protection
- Overview
- DDoS Protection
- DDoS Protection Overview
- Exclusive DDoS Protection Usage
- Configuration of Exclusive DDoS protection Rules
- Web Protection
- Bot Management
- Rules Template
- IP and IP Segment Grouping
- Origin Protection
- Alarm Notification
- Rule Engine
- L4 Proxy
- Data Analysis&Log Service
- Tool Guide
- Best Practices
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Site APIs
- Acceleration Domain Management APIs
- Site Acceleration Configuration APIs
- Alias Domain APIs
- Security Configuration APIs
- Layer 4 Application Proxy APIs
- CreateL4Proxy
- ModifyL4Proxy
- ModifyL4ProxyStatus
- DescribeL4Proxy
- DeleteL4Proxy
- CreateL4ProxyRules
- ModifyL4ProxyRules
- ModifyL4ProxyRulesStatus
- DescribeL4ProxyRules
- DeleteL4ProxyRules
- CreateApplicationProxy
- ModifyApplicationProxy
- ModifyApplicationProxyStatus
- DescribeApplicationProxies
- DeleteApplicationProxy
- CreateApplicationProxyRule
- ModifyApplicationProxyRule
- ModifyApplicationProxyRuleStatus
- DeleteApplicationProxyRule
- Content Management APIs
- Data Analysis APIs
- Log Service APIs
- Billing APIs
- Certificate APIs
- Load Balancing APIs
- Diagnostic Tool APIs
- Version Management APIs
- Data Types
- Error Codes
- FAQs
- Agreements
- TEO Policy
- Contact Us
- Glossary
Introduction to DDoS Attacks
Distributed Denial of Service (DDoS) attacks refer to attackers remotely controlling a large number of zombie hosts through the network to send a large amount of attack requests to one or multiple targets, blocking the target server's network bandwidth or depleting the target server's system resources, making it unable to respond to normal service requests.
Network Layer DDoS Attacks
Network layer DDoS attacks mainly refer to attackers using high traffic to congest the target server's network bandwidth and consume server system resources, causing the target server to be unable to respond normally to customer visits. Common types of attacks include SYN Flood, ACK Flood, UDP Flood, ICMP Flood, and DNS/NTP/SSDP/memcached reflection attacks.
Transport Layer DDoS Attacks
Mainly include Syn Flood, Ack Flood, UDP Flood, ICMP Flood. Taking Syn Flood attack as an example, it takes advantage of the TCP protocol's three-way handshake mechanism. When the server receives a Syn request, the server must save the connection in a listening queue for a certain period of time. Therefore, it continuously sends Syn requests to the server but does not respond to Syn+Ack packets, thereby consuming server resources. When the server's listening queue is full, the server will be unable to respond to normal user requests, achieving the purpose of a denial of service attack.
Application Layer DDoS Attacks
Mainly include DNS DDoS attacks and Web application DDoS attacks. DNS DDoS attacks mainly include DNS Request Flood, DNS Response Flood, and false source + Real source DNS Query Flood. Web application DDoS attacks mainly refer to HTTP Get Flood, HTTP Post Flood, etc. HTTP Get Flood usually refers to hackers finding some resource-consuming transactions and pages from Web services or interfaces and continuously sending HTTP Get requests to these transactions and pages, causing Web application server resources to be depleted, unable to provide normal services, or causing the entire data center's entrance network bandwidth to be occupied, making the whole data center unable to provide normal services to the outside.
CC Attack
CC attack mainly refers to the attack method of maliciously occupying the target server's application layer resources, consuming processing performance, and causing it to be unable to provide normal services. Common types of attacks include HTTP/HTTPS-based GET/POST Flood, L4 CC, and Connection Flood attacks.
Protection Capability
Protection capability refers to the ability to defend against DDoS attacks. DDoS protection is provided based on Tencent Cloud's maximum DDoS protection capability in the current region.
Cleaning
When the target IP's public network traffic exceeds the set protection threshold, Tencent Cloud's DDoS protection system will automatically clean the public inbound traffic of that IP. The traffic is redirected from the original network path to Tencent Cloud's DDoS cleaning equipment through the BGP routing protocol, and the traffic of that IP is identified by the cleaning equipment, discarding the attack traffic and forwarding the normal traffic to the target IP. In general, cleaning does not affect normal access, and only in special scenarios or when the cleaning strategy is misconfigured may it affect normal access. When the traffic has been normal for a certain period of time (determined dynamically based on the attack situation), the cleaning system will determine that the attack has ended and stop cleaning.
Yes
No
Was this page helpful?