This section describes how to configure a filter, which is employed by the cleaning device to perform static filtering over the traffic destined for the Zone.
The AntiDDoS provides IP, TCP, UDP, HTTP, DNS, ICMP, and SIP filters. For details, see Table 1.
The IP filter can process all types of IP packets whereas other filters can only process the packets of their own types. For example, the HTTP filter can process only HTTP packets.
You can configure a maximum of 128 filters on one anti-DDoS device.
| Filter | Filtering Condition |
|---|---|
| IP filter | Source IP address, destination IP address, packet length, TTL, fingerprint, protocol, DSCP, and fragment type |
| TCP filter | Source IP address, destination IP address, packet length, TTL, fingerprint, DSCP, fragment type, TCP flag bit, source port, and destination port |
| UDP filter | Source IP address, destination IP address, packet length, TTL, fingerprint, DSCP, fragment type, source port, and destination port |
| ICMP filter | Source IP address, destination IP address, packet length, TTL, fingerprint, DSCP, and fragment type |
| HTTP filter | Source IP address, destination IP address, packet length, TTL, fingerprint, DSCP, fragment type, TCP flag bit, source port, HTTP field (including opcode, cookie, host, user-agent, and referer), and URI |
| DNS filter | Source IP address, destination IP address, packet length, TTL, fingerprint, DSCP, fragment type, source port, DNS QR (query and reply), and DNS field (including the domain and type) |
| SIP filter | Source IP address, destination IP address, packet length, TTL, fingerprint, DSCP, fragment type, source port, caller and callee |
| Sentinel filter | Source IP address and packet length |
The ATIC Management center provides 15 common filter templates. You can use any of them as required.
| Template | Attack Type |
|---|---|
| DNS_Amplification | DNS amplification attack |
| Chargen_Amplification | Chargen amplification attack |
| SNMP_Amplification | SNMP amplification attack |
| TFTP_Amplification | TFTP amplification attack |
| NTP_Amplification | NTP amplification attack |
| NetBIOS_Amplification | NetBIOS amplification attack |
| SSDP_Amplification_Attack | SSDP amplification attack |
| QOTD_Amplification | QOTD amplification attack |
| Quake_Network_Protocol | Quake amplification attack |
| Steam_Protocol_Amplification | Steam amplification attack |
| Portmapper_Amplification | Portmapper amplification attack |
| Wordpress_Amplification | Wordpress amplification attack |
| Microsoft_SQL_Resolution_Service_Amplification | SQL amplification attack |
| RIPV1_Amplification_Attack | RIPV1 amplification attack |
| Sentinel_Amplification_Attack | Sentinel amplification attack |
You can edit or delete templates as required.
Packets are matched against the filters in the list from top to bottom. Matching stops only after a packet matches a filter and the action defined in that filter applies.
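The ordering rule above, as an added example that models the matching in Python; it is not the AntiDDoS or ATIC implementation. The action names (`permit`, `discard`), the `no-match` result, the filter names and the sample packets are assumptions constructed for illustration, and only a subset of the filtering conditions from Table 1 is modeled. `shadowed` reports filters that match sample traffic but never act on it because a filter higher in the list wins first.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

MAX_FILTERS = 128  # per-device limit stated on this page

@dataclass
class Filter:
    name: str
    kind: str                       # "IP", "UDP", "TCP" or "ICMP" in this model
    action: str                     # assumed action names, not the product's
    src_net: str = "0.0.0.0/0"      # source IP address condition
    src_port: Optional[int] = None  # source port condition (TCP/UDP filters)
    min_length: int = 0             # packet length condition

    def matches(self, pkt: dict) -> bool:
        # An IP filter processes every IP packet; any other filter only
        # processes packets of its own type.
        if self.kind != "IP" and self.kind != pkt["proto"]:
            return False
        return (ip_address(pkt["src"]) in ip_network(self.src_net)
                and (self.src_port is None or pkt.get("sport") == self.src_port)
                and pkt["length"] >= self.min_length)

def evaluate(filters, pkt):
    """Walk the list top to bottom; the first matching filter decides."""
    if len(filters) > MAX_FILTERS:
        raise ValueError("more than 128 filters on one device")
    for f in filters:
        if f.matches(pkt):
            return f.name, f.action
    return None, "no-match"         # assumption: left to later defense stages

def shadowed(filters, packets):
    """Filters that match a sample packet but never get to act on one."""
    winners = {evaluate(filters, p)[0] for p in packets}
    return [f.name for f in filters
            if f.name not in winners and any(f.matches(p) for p in packets)]

# Constructed filters and packets (documentation address ranges).
PARTNER = Filter("permit-partner", "IP", "permit", src_net="198.51.100.0/24")
NTP = Filter("ntp-large-replies", "UDP", "discard", src_port=123, min_length=400)
ICMP = Filter("icmp-oversize", "ICMP", "discard", min_length=1000)
PACKETS = [
    {"proto": "UDP", "src": "198.51.100.7", "sport": 123, "length": 468},
    {"proto": "UDP", "src": "203.0.113.9", "sport": 123, "length": 468},
    {"proto": "TCP", "src": "203.0.113.9", "sport": 123, "length": 468},
    {"proto": "ICMP", "src": "192.0.2.5", "length": 1400},
]
```

With `[PARTNER, NTP, ICMP]` the first sample packet is permitted by the broad IP filter before the UDP filter is consulted; with `[NTP, ICMP, PARTNER]` the same packet is discarded.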
Choose , and configure the filter.
| Operation | Description |
|---|---|
| Create | Click |
| Modify | Click |
| Delete | Select the check box for the filter and click |
| Search | Enter part of a filter name or the full name in Name and click |