Back
Cloud Security 2.0
CDNetworks Documentation Cloud Security 2.0 User Guide L3/4 DDoS Trends

L3/4 DDoS Trends

Last update:2024-10-30 16:05:37

The L3/4 DDoS Trends page displays data related to L3/4 DDoS Protection, including the peak attack info, traffic trends, and event details.

The L3/4 DDoS protection granularity is based on the mitigation node IP, not the hostname. Only when you have purchased the exclusive IP value-added service, the L3/4 DDoS Protection related data for the exclusive IP will be generated and provided for query. Therefore, this page is not open by default. If you have purchased an exclusive IP, please contact technical support to open it.

Go to L3/4 DDoS Trends page:

  1. Log in to the CDNetworks Console, find the security product in use under Subscribed Products.
  2. Go to  Analytsis & Logs > L3/4 DDoS Trends
  3. Select the time period, click Query to view the L3/4 DDoS data you are interested in.

Summary

Display Peak Attack Bandwidth and Peak Attack Packet Speed within the selected time period.

  • Peak Attack Bandwidth: The peak of attack bandwidth (in Mbps) detected by CDNetworks.
  • Peak Attack Packet Speed: The peak of attack packet speed (in Mpps) detected by CDNetworks.

Trends

Displays the trends of L3/4 inbound and mitigated traffic, as well as the trends of attack types within the selected time period.

Indicators on the top half of the chart:

  • Inbound Traffic: The sum of traffic received by CDNetworks.
  • Mitigated Traffic: The sum of attack traffic detected and scrubbed by CDNetworks.

Indicators on the bottom half of the chart display the sum of attack traffic triggered by different L3/4 DDoS policies, including SYN Flood, ACK Flood, UDP Flood, ICMP Flood and Other Flood.
The chart supports viewing traffic bandwidth in bits per second (bps) and the packet speed in packet per second (pps).

Events Table

Displays the L3/4 DDoS attack events details detected by CDNetworks.

  • Events: If DDoS attack is detected, it is considered to be the beginning of the event, and if DDoS attack is not detected for 30 minutes, the event is considered to be the end. Therefore, one event may contain more than one attack. You can click the number of the events to view the each of the attack detail, including Target IP, Attack Time, Attack Type, and Attack Bandwidth (Mbps).
  • Status: Event status is in Mitigating or in Stopped.
  • Start Time: Start Time is identified when DDoS attack is detected.
  • End Time: End Time is identified when DDoS attack has stopped for 30 minutes.
  • Duration: Attack event lasting time. The unit is minutes.
  • Attack Type: Attack event type, such as “SYN Flood”, “ACK Flood”, etc.
  • Peak Time: Peak time of attack event.
  • Peak Bandwidth: Peak bandwidth of attack event. The unit is Mbps.
Is the content of this document helpful to you?
Yes
I have suggestion
Submitted successfully! Thank you very much for your feedback, we will continue to strive to do better!

CDNetworks Inc., © 2024. 1840 Enterprise Way, Monrovia, CA 91016 – All rights reserved.