Docs
uantiddos
Basic Protection
FAQ

FAQ

1. Can the black hole be lifted in advance?

You can apply for early unlock, but if attacks persist or you have multiple attacks, it may not be possible to unlock ahead of time.

2. What if I want to increase the security of my host?

We recommend using the UHIDS, which is currently free to install and use.

3. How can I observe the attack situation after an EIP is blocked?

You can view it in Cloud Security Center -> Security Events -> Network Attacks.

4. Does the data center offer complementary cleaning services?

Yes, basic protection is provided for free and enabled by default. For the data center’s complementary cleaning capability, refer to Data Center Cleaning Ability.

5. What are the trigger conditions for EIP cleaning?

If the inbound packets of EIP exceed the cleaning threshold, the system will start cleaning. After the cleaning, abnormal traffic will be filtered. Refer to Data Center Cleaning Ability for the default cleaning threshold of the data center.

6. What are the trigger conditions for EIP blocking?

If the inbound traffic of EIP exceeds the blocking threshold, the process of blocking will be initiated. After the blocking, inbound traffic cannot reach the cloud host. For the data center’s default blocking threshold, refer to the {{channelName}}Black Hole Policy.

7. Why can some areas still be pinged after an EIP is blocked?

This is because blocking is carried out on the operator’s backbone network. There might be situations where machines within the city network can still ping after being blocked.

8. Can the blocking threshold of EIP be increased?

The threshold can be properly increased based on bandwidth purchase conditions and data center bandwidth conditions. Please contact technical support or client manager for details.

9. Can the cleaning threshold of EIP be increased?

You can increase it yourself on the console, up to 500kpps. If there is a requirement for higher packet counts, please contact technical support or client manager.

10. What measures are available after an EIP is blocked?

If it’s an attack, we suggest buying anti-DDoS protection. If not, you can apply for unlocking and increase the blocking threshold.

11. How to report a case after being attacked?

You can report the case to the local network supervision department and provide related information per their request. The department will evaluate if requirements for case filing are met, and the case will be further processed. After officially filing a case, {{channelName}} will cooperate with the network supervision department contact to provide evidence of the attack (traffic graphs, attack events, packet capture information, etc.).

12. Cloud host is under small flow attack, why isn’t there any protection?

As the basic protection is a public DDoS protection service, it does not protect against small flow attacks (less than the cleaning threshold). We recommend optimizing server performance and installing a host intrusion detection product to deal with small flow attacks.

13. After EIP is blocked, why isn’t there data of large flow observed in cloud host traffic monitoring?

As the DDoS protection traffic monitoring system is deployed at the data center network edge (granularity is 2 seconds) and is above the cloud host, the DDoS protection traffic monitoring data is generally larger than the traffic data observed on the cloud host.

14. Why are the cloud hosts that haven’t started using yet being attacked by DDoS?

As long as the business is communicating with the outside world, there is a risk of a DDOS attack.

15. When the cloud host is attacked, what is being attacked?

Attacks are typically made on IP addresses or the business.

16. Why is there still UDP attack traffic after restricting UDP traffic on the cloud host?

As long as the external network can access the IP, a DDoS attack can be initiated, and policy configuration at the host border cannot prevent the attacker’s traffic from reaching the network edge of the data center.

17. Why is cleaning triggered even if there’s no attack?

Cleaning is triggered when inbound traffic exceeds the cleaning threshold. If you do not want to be cleaned, you can increase the cleaning threshold.

18. Why is blocking triggered during normal download service?

Downloading can involve instantaneous burst traffic. When inbound traffic exceeds the blocking threshold, blocking gets triggered. If you don’t want to be blocked, consider speed limiting or applying to increase the blocking threshold.

External DDoS Self-Inspection of the HostMainland High Defense