Blocked attacks
You can view the history of DDoS attacks blocked by Selectel protection in the control panel.
Selectel's defenses operate at the network and transport layers (L3-L4). If your monitoring systems detect an application layer attack (L7) or other malicious activity, please contact support immediately and activate additional protection.
View attack history
- In the Dashboard, on the top menu, click Products and select Network Incidents.
- Open the Blocked Attacks tab. For each attack, the attacked network, the attack period, and the defense response are listed:
  - block: suspicious traffic was completely discarded;
  - redirect: suspicious TCP traffic was filtered out, only legitimate requests were allowed through;
  - detected: suspicious traffic was detected but was not rejected. A new attack detection rule is being tested in the system, or traffic blocking is disabled for the IP address.
- To see detailed information about the attack, including the type of attack, its speed, power, total number of packets sent, and volume, click on the IP address of the network in the attack row.
- Optional: if you observe a sustained attack that disables or reduces service availability, additionally protect the attacked server:
  - change the IP address of the server;
  - enable additional protection.
Types of attacks
| Attack type | Description | Target of attack |
|---|---|---|
| UDP flood to service DST port 565 limited | Attack by UDP traffic on destination port 565 (Whoami) | |
| UDP flood to service DST port 1194 limited | UDP traffic attack on OpenVPN destination port 1194 | Exhaustion of bandwidth and computational resources of the attacked host, denial of service of the attacked application |
| NTP Monlist Response | Attack by reflected and amplified UDP traffic from source port 123 (NTP Monlist response vulnerability) | Bandwidth exhaustion |
| SSDP Reflection | Attack by reflected and amplified UDP traffic from source port 1900 (SSDP and UPnP protocols vulnerability) | Bandwidth exhaustion |
| Empty UDP data | Attack on the client IP address with empty UDP datagrams (Empty UDP Flood) | Increased utilization of the victim network |
| Memcache | Reflected and amplified UDP traffic from source port 11211 (Memcache vulnerability) | Bandwidth exhaustion |
| SSRP Reflection | Attack with reflected and amplified UDP traffic from source port 1434 SSRP (SQL Server Resolution Protocol) | Bandwidth exhaustion |
| WSD Reflection | Reflected and amplified UDP traffic from source port 11211 (Memcache vulnerability) | Bandwidth exhaustion |
| Net Assistant Reflection | Reflected and amplified UDP traffic from source port 3283 (Apple Network Assistant vulnerability) | Bandwidth exhaustion |
| LowShadyPorts/Reflection flood to server limited | Attack by reflected and amplified UDP traffic from source ports: | Bandwidth exhaustion |
| Custom UDP amplifications | Attack by reflected and amplified UDP traffic from source ports: | Bandwidth exhaustion |
| Custom UDP amplifications3 | Attack by reflected and amplified UDP traffic from SADP source port 37021 (Hikvision) | Bandwidth exhaustion |
| Query Response/DNS query response reflection flood to server limited | Attack by DNS response traffic from public DNS servers (source port 53 UDP) with flags set from the DNSSEC extension: | Bandwidth exhaustion |
| Source Port 53/UDP source port 53 reflection flood to server limited | Attack by reflected and amplified UDP traffic from source port 53 UDP DNS | Bandwidth exhaustion |
| Source Port 4500/UDP source port 4500 reflection flood to server limited | Attack by reflected and amplified UDP traffic from source port 4500 | Bandwidth exhaustion |
| Any Source Port/UDP source port reflection flood to server limited | Attack with high volume UDP traffic from a specific source port to any destination port on the client IP | Bandwidth exhaustion |
| RST/TCP RST reflection flood to server limited | Attack by TCP traffic with the TCP RST flag set from a specific source port to any destination port on the client IP | |
| SYN/ACK/TCP SYN/ACK reflection flood to server limited | Attack by TCP traffic with the TCP RST flag set from a specific source port to any destination port on the client IP | Exhaustion of network and computing resources of the attacked host |
| PSH/ACK/TCP PSH/ACK reflection flood to server limited | Attack by TCP traffic with TCP RST or TCP PSH flags set from a specific source port to any destination port on the client IP | Exhaustion of computational resources of the attacked host |
| Failed Reflectors/ICMP Server flood to server limited | Attack on a client host with a large volume of ICMP response traffic from public servers. The responses are triggered by an attacker's requests to those servers probing UDP port availability, sent with the source address spoofed to the client's address. | Exhaustion of bandwidth and computational resources of the attacked host |
| UDP flood to service DST port 53 limited | Attack by UDP traffic on destination port 53 (DNS) | |
| Any Destination Port/UDP service flood to a server port limited | Attack with high volume UDP traffic to any arbitrary victim port | |
| Any Type/ICMP/ICMPv6 service flood to server limited | Attack with arbitrary ICMP traffic (including ICMPv6) of large volume on a specific client destination port | Exhaustion of bandwidth and computational resources of the attacked host |
| SYN/TCP SYN to a server port limited | Attack by TCP traffic with TCP SYN flag set on a specific destination port of the client IP | |
| RST/TCP RST to a server port limited | Attack by TCP traffic with TCP RST flag set on a specific destination port of the client IP | |
| PSH/ACK/TCP PSH/ACK service flood to a server port limited | Attack by TCP traffic with TCP RST/PSH flags set on a specific destination port of the client IP | Exhaustion of computational resources of the attacked host |
| Any TCP/TCP to a server port limited | Attack with arbitrary TCP traffic of large volume on a specific client port | Exhaustion of the attacked host's computational resources and bandwidth |
| Fragment Under Attack/UDP server under attack fragment to server limited | Attack by fragmented UDP datagrams. Usually accompanies other types of UDP attacks | Bandwidth exhaustion |
| Any Port/UDP server flood to server limited | Attack with arbitrary UDP traffic of large volume cumulatively on any client port | Exhaustion of the attacked host's computational resources and bandwidth |
| Any Type/ICMP server flood to server limited | Attack with a large volume of arbitrary ICMP traffic, including ICMPv6, on any client destination port | Exhaustion of bandwidth and computational resources of the attacked host |
| SYN/TCP SYN to server address limited | Attack with TCP traffic with TCP SYN flag set on any destination port of client IP | |
| RST/TCP RST to server address limited | Attack with TCP traffic with TCP RST flag set on any destination port of client IP | |
| Any TCP/TCP to server address limited | Attack with arbitrary TCP traffic of large volume in aggregate on any destination port of the client | Exhaustion of the attacked host's network and computational resources and of bandwidth |
| IP protocol Any IP protocol server flood to server limited | Attack with arbitrary IP traffic of large volume cumulatively by all transport protocols and all ports | Exhaustion of the attacked host's network and computational resources and of bandwidth |
| Flex Fragment/Flex matched IP fragment to destination IP under attack | A rule that defines the blocking of IP packet fragments for hosts that are already under attack. Accompanies other types of attacks | - |
| TCP FIN to a server port limited | Attack by TCP traffic with TCP FIN flag set on a specific destination port of the client IP | |
| TCP FIN to server server address | Attack with TCP traffic with TCP FIN flag set to any destination port on client IP | |
| TCP Any Flags | High volume traffic attack with any set of flags | |
| UDP Fragment Server Smart-Rule | Attack by fragmented UDP datagrams | Bandwidth exhaustion |
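
The following is an added example, not Selectel's code or detection logic: a triage script for your own flow logs that labels records with a subset of the attack types from the table (reflection source ports, empty UDP datagrams, single-flag TCP floods) and totals them per attacked IP, so the result can be compared with the Blocked Attacks tab. The CSV field names, the flag letters and the `min_pkts` threshold are assumptions, and the sample flows are constructed.

```python
import csv
import io
from collections import defaultdict

# UDP source ports named in the table -> label used in the table.
REFLECTION_PORTS = {
    123: "NTP Monlist Response", 1900: "SSDP Reflection", 11211: "Memcache",
    1434: "SSRP Reflection", 3283: "Net Assistant Reflection",
    53: "Source Port 53", 4500: "Source Port 4500",
}
# Single-flag TCP floods from the table (flag letters are an assumed log format).
TCP_FLAG_LABELS = {"S": "SYN", "R": "RST", "F": "TCP FIN"}

def classify(rec):
    """Return the table label a flow record matches, or None."""
    if rec["proto"] == "udp":
        if int(rec["payload_bytes"]) == 0:
            return "Empty UDP data"
        return REFLECTION_PORTS.get(int(rec["src_port"]))
    if rec["proto"] == "tcp":
        return TCP_FLAG_LABELS.get(rec["flags"])
    return None

def summarize(flow_csv, min_pkts=1000):
    """Total packets/bytes per (dst_ip, label); keep totals >= min_pkts (assumed threshold)."""
    totals = defaultdict(lambda: [0, 0])
    for rec in csv.DictReader(io.StringIO(flow_csv)):
        label = classify(rec)
        if label is None:
            continue
        t = totals[(rec["dst_ip"], label)]
        t[0] += int(rec["pkts"])
        t[1] += int(rec["payload_bytes"])
    hits = [(ip, label, p, b) for (ip, label), (p, b) in totals.items() if p >= min_pkts]
    return sorted(hits, key=lambda h: -h[2])

# Constructed sample flows (documentation address ranges), not real traffic.
SAMPLE = """proto,src_ip,src_port,dst_ip,dst_port,flags,pkts,payload_bytes
udp,198.51.100.7,123,192.0.2.10,41822,,4000,1760000
udp,198.51.100.9,123,192.0.2.10,50011,,2500,1100000
udp,203.0.113.5,11211,192.0.2.10,80,,1200,1680000
udp,203.0.113.8,40000,192.0.2.11,1194,,3000,0
tcp,203.0.113.20,55123,192.0.2.10,443,S,9000,0
tcp,203.0.113.21,443,192.0.2.12,51000,PA,300,420000
udp,198.51.100.30,53,192.0.2.12,33000,,40,20000
"""

if __name__ == "__main__":
    for ip, label, pkts, size in summarize(SAMPLE):
        print(f"{ip:<12} {label:<22} pkts={pkts:<6} payload_bytes={size}")
```

Traffic that the script labels but that does not appear in the Blocked Attacks tab, or appears there only as `detected`, is the case in which the page tells you to contact support.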