Core Concepts

DDoS

Distributed Denial of Service (DDoS ) attack refers to use customer/server technology to combine multiple computers as an attack platform to launch a DDoS attack on one or more targets, thereby multiplying power of the denial of service attack.

Generally, an attacker uses a stolen account to install DDoS master control program on a computer. At a set time, the master control program will communicate with a large number of agent programs that have been installed on many computers on the Internet. Agent program launches an attack when it receives instructions. The master control program can use customer/server technology to activate hundreds or thousands of agent program run in seconds.

Challenge Collapsar attack

HTTP Flood is an attack on Web service in the seventh layer of the OSI protocol. The attacker tries to imitate the web page request behavior of normal users. It is easy to launch and difficult to filter. It is extremely easy to cause the target server to run out of resources and fail to provide service.

Clean

When the public network traffic of the target IP exceeds the set protection threshold, Baidu AI Cloud's DDoS system will automatically clean the public network inbound traffic of the IP. Traffic is redirected from the original network path to the DDoS cleaning device through policy routing. The cleaning device identifies the IP traffic, discards attack traffic and forwards normal traffic to the target IP.

Ban

When the attack traffic to the target IP exceeds the ban threshold of the region (computer room) where the cloud resources are located, Baidu AI Cloud will block all external network accesses of the IP to protect other users of the cloud platform from being affected.

• Ban threshold

  • Ban will be triggered when users in mainland China and Singapore are attacked and the peak attack traffic reaches 5G.
  • Ban will be triggered when users in Hong Kong, China suffer a peak attack traffic of up to 1G.

• Ban duration

  The ban duration is 2 hours by default. The actual ban duration is related to attack duration and attack peak value on that day, which can be up to 24 hours. The ban duration is mainly affected by the following factors:

  • Whether the attack continues; if the attack continues, the ban duration will be extended, and the ban duration will be recalculated from the extended moment.
  • Whether the attack is frequent; users who are frequently attacked are more likely to be continuously attacked, and the ban duration will be automatically extended.
  • Attack traffic size; the ban duration will be automatically extended for users who are attacked by very large traffic.

Note: For users who are frequently attacked by very large traffic, Baidu AI Cloud reserves the right to extend the ban duration and lower the ban threshold. The black hole threshold and black hole duration are subject to the console show.

Why do we need a ban policy? Why can't Baidu AI Cloud help users to defend against DDoS attacks for free? Baidu AI Cloud reduces the cost of cloud use for users by sharing infrastructure. All users share the external network exit of Baidu AI Cloud. When a large traffic DDoS attack occurs, both the attacked object and the entire Baidu AI Cloud network may be affected. In order to avoid the impact of DDoS on other users who are not attacked, and to ensure the stability of the entire cloud platform network, it is necessary to block.

DDoS defense requires extremely high costs, the biggest of which is the bandwidth cost. Bandwidth is purchased by Baidu AI Cloud from operator such as Telecom, Unicom and Mobile. The operators do not clean up DDoS attack traffic when calculating bandwidth costs, but directly charge the total bandwidth cost of Baidu AI Cloud. Under the control of costs, Baidu AI Cloud's DDoS basic protection will try to prevent DDoS attacks for cloud platform users free of charge. However, when the attack traffic exceeds the threshold, Baidu AI Cloud will block the traffic of the attacked IP, thereby avoiding the occurrence of excessive charges.

If your IP's attack traffic exceeds the threshold to trigger a ban, you can purchase DDoS ADAS IP service to increase the IP to the highest level of defense, and you will have the opportunity to relieve the black hole immediately.

What to do if the basic protection threshold is too low to meet the requirements? Purchase DDoS ADAS IP service to obtain up to T-level defense capabilities, and switch traffic to ADAS IP during use.