This section describes how to configure a filter, which is used by the cleaning device to perform static filtering over the traffic destined for the Zone.
The AntiDDoS provides IP, TCP, UDP, HTTP, DNS, ICMP, and SIP filters. For details, see Table 1.
The IP filter can process all types of IP packets whereas other filters can only process the packets of their own types. For example, the HTTP filter can process only HTTP packets.
You can configure a maximum of 512 filters on one anti-DDoS device.
| Protocol | Filtering Condition |
|---|---|
| IP protocol | Source IP address, destination IP address, packet length, TTL, fingerprint, protocol, DSCP, and fragment type |
| TCP protocol | Source IP address, destination IP address, packet length, TTL, fingerprint, DSCP, fragment type, TCP flag bit, source port, and destination port |
| UDP protocol | Source IP address, destination IP address, packet length, TTL, fingerprint, DSCP, fragment type, source port, and destination port |
| ICMP protocol | Source IP address, destination IP address, packet length, TTL, fingerprint, DSCP, and fragment type |
| HTTP protocol | Source IP address, destination IP address, packet length, TTL, fingerprint, DSCP, fragment type, TCP flag bit, source port, HTTP field (including opcode, cookie, host, user-agent, and referer), and URI |
| DNS protocol | Source IP address, destination IP address, packet length, TTL, fingerprint, DSCP, fragment type, source port, DNS QR (query and reply), and DNS field (including the domain and type) |
| SIP protocol | Source IP address, destination IP address, packet length, TTL, fingerprint, DSCP, fragment type, source port, caller and callee |
The ATIC provides 24 common filter templates by default.
| Template | Description |
|---|---|
| DNS_Amplification | DNS amplification attack |
| Chargen_Amplification | Chargen amplification attack |
| SNMP_Amplification | SNMP amplification attack |
| TFTP_Amplification | TFTP amplification attack |
| NTP_Amplification | NTP amplification attack |
| NetBIOS_Amplification | NetBIOS amplification attack |
| SSDP_Amplification_Attack | SSDP amplification attack |
| QOTD_Amplification | QOTD amplification attack |
| Quake_Network_Protocol | Quake amplification attack |
| Steam_Protocol_Amplification | Steam amplification attack |
| Portmapper_Amplification | Portmapper amplification attack |
| Wordpress_Amplification | Wordpress amplification attack |
| Microsoft_SQL_Resolution_Service_Amplification | SQL amplification attack |
| RIPV1_Amplification_Attack | RIPV1 amplification attack |
| Sentinel_Amplification_Attack | Sentinel amplification attack |
| LDAP_Amplification_Attack | LDAP amplification attack |
| QUIC | QUIC amplification attack |
| mDNS_Amplification | mDNS amplification attack |
| Memcached_Amplification | Memcached amplification attack |
| IPMI_Amplification_Attack | IPMI amplification attack |
| Mutant_SSDP_Amplification_Attack | Mutant_SSDP amplification attack |
| ONVIF_Amplification_Attack | ONVIF amplification attack |
| ARMS_Amplification_Attack | ARMS amplification attack |
| OpenVPN_Amplification_Attack | OpenVPN amplification attack |
You can edit or delete templates as required.
The filters in the list are matched from top to bottom. After a matching filter is found, the action defined in that filter is executed, and the matching ends. If no match is found, filters are matched from top to bottom again.
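The sketch below is an added example, not ATIC or AntiDDoS code: a simplified Python model of the top-down, first-match evaluation described above, plus a check for filters that can never take effect because an earlier, broader filter covers them. The `Filter` fields, the action labels `pass` and `discard`, and the sample filters and packet are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Filter:                        # hypothetical model, not the device's data structure
    name: str
    proto: str                       # "ip" processes every packet type, others only their own
    action: str                      # assumed action labels: "pass" / "discard"
    src_port: Optional[int] = None   # None = any source port
    min_len: int = 0                 # inclusive packet-length range
    max_len: int = 65535

    def matches(self, pkt: dict) -> bool:
        if self.proto != "ip" and self.proto != pkt["proto"]:
            return False
        if self.src_port is not None and self.src_port != pkt.get("src_port"):
            return False
        return self.min_len <= pkt["length"] <= self.max_len

    def covers(self, other: "Filter") -> bool:
        """True if every packet `other` matches is also matched by self."""
        return ((self.proto == "ip" or self.proto == other.proto)
                and (self.src_port is None or self.src_port == other.src_port)
                and self.min_len <= other.min_len
                and other.max_len <= self.max_len)

def first_match(filters, pkt):
    """Top-down evaluation: the first matching filter decides, then matching ends."""
    for f in filters:
        if f.matches(pkt):
            return f.name, f.action
    return None, None                # no filter in the list matched this packet

def shadowed(filters):
    """(later, earlier) pairs where the later filter can never be reached."""
    return [(later.name, earlier.name)
            for i, later in enumerate(filters)
            for earlier in filters[:i] if earlier.covers(later)]

# Constructed sample data: a broad IP filter and a narrow UDP filter.
PASS_SHORT = Filter("pass_short", "ip", "pass", max_len=512)
DROP_NTP = Filter("drop_ntp_replies", "udp", "discard",
                  src_port=123, min_len=400, max_len=500)
NTP_REPLY = {"proto": "udp", "src_port": 123, "length": 468}

if __name__ == "__main__":
    for order in ([PASS_SHORT, DROP_NTP], [DROP_NTP, PASS_SHORT]):
        print([f.name for f in order], first_match(order, NTP_REPLY), shadowed(order))
```

With the broad IP filter listed first, the narrower UDP filter is never evaluated for the sample packet; listing the narrow filter first lets both take effect.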
Choose , and configure the filter.
| Operation | Description |
|---|---|
| Create | Click |
| Modify | Click |
| Delete | Select the check box for the filter and click |
| Search | Enter part of a filter name or the full name in Name and click |