Blocked attacks

You can view the history of DDoS attacks blocked by Selectel protection in the Control panel.

Selectel protection operates at the network and transport layer (L3-L4). If your monitoring systems have detected an application-layer (L7) attack or other malicious activity, immediately contact the support service and activate additional protection.

View attack history

In the Control panel, on the top menu, click Products and select Network Incidents.
Open the Blocked attacks tab. For each attack, the attacked network, attack period, and the response from the protection system are indicated:
- block — suspicious traffic was fully dropped;
- redirect — suspicious TCP traffic was filtered, only legitimate requests were passed;
- detect — suspicious traffic was detected but not dropped. A new attack detection rule is being tested in the system, or traffic blocking is disabled for the IP address.
To view detailed information about an attack, including the attack type, its rate, intensity, total number of packets sent, and volume, click the network IP address in the attack row.
Optional: if you observe a prolonged attack that disrupts or limits service availability, additionally protect the attacked server:
- change the server IP address;
- activate additional protection.

Attack types

	Description	Attack target
UDP flood to service DST port 565 limited	UDP traffic attack on destination port 565 Whoami	Exhaustion of the bandwith and computing resources of the attacked host; denial of service for the attacked application
UDP flood to service DST port 1194 limited	UDP traffic attack on destination port 1194 OpenVPN	Exhaustion of the bandwidth and computing resources of the attacked host, denial of service for the attacked application
NTP Monlist Response	Reflected and amplified UDP traffic attack from source port 123 (NTP Monlist response vulnerability)	Bandwidth exhaustion
SSDP Reflection	Reflected and amplified UDP traffic attack from source port 1900 (SSDP and UPnP protocol vulnerability)	Bandwidth exhaustion
Empty UDP data	Attack on client IP with empty UDP datagrams (Empty UDP Flood)	Increased victim network utilization
Memcache	Reflected and amplified UDP traffic attack from source port 11211 (Memcache vulnerability)	Bandwidth exhaustion
SSRP Reflection	Reflected and amplified UDP traffic attack from source port 1434 SSRP (SQL Server Resolution Protocol)	Bandwidth exhaustion
WSD Reflection	Reflected and amplified UDP traffic attack from source port 11211 (Memcache vulnerability)	Bandwidth exhaustion
Net Assistant Reflection	Reflected and amplified UDP traffic attack from source port 3283 (Apple Network Assistant vulnerability)	Bandwidth exhaustion
LowShadyPorts/Reflection flood to server limited	Reflected and amplified UDP traffic attack from source ports: 19 CHARGEN (Character Generator); 111 SUNRPC (Sun Remote Procedure Call); 137 NETBIOS-NS (NetBIOS Name Service); 161 SNMP (Simple Network Management Protocol); 389 LDAP (Lightweight Directory Access Protocol); 520 ROUTER (used by routing protocols, e.g., RIP)	Bandwidth exhaustion
Custom UDP amplifications	Reflected and amplified UDP traffic attack from source ports: 37810 DHCPDiscover for DVR devices; 10074 TP240PhoneHome (Mitel systems); 37020 SADP (Hikvision)	Bandwidth exhaustion
Custom UDP amplifications3	Reflected and amplified UDP traffic attack from source port 37021 SADP (Hikvision)	Bandwidth exhaustion
Query Response/DNS query response reflection flood to server limited	DNS Response traffic attack from public DNS servers with source port 53 UDP DNS and flags set from the DNSSEC extension: DNS Signature; DNS Signature Recursive	Bandwidth exhaustion
Source Port 53/UDP source port 53 reflection flood to server limited	Reflected and amplified UDP traffic attack from source port 53 UDP DNS	Bandwidth exhaustion
Source Port 4500/UDP source port 4500 reflection flood to server limited	Reflected and amplified UDP traffic attack from source port 4500	Bandwidth exhaustion
Any Source Port/UDP source port reflection flood to server limited	High volume UDP traffic attack from a specific source port to any client IP destination port	Bandwidth exhaustion
RST/TCP RST reflection flood to server limited	TCP traffic attack with TCP RST flag set from a specific source port to any client IP destination port	Exhaustion of the attacked host's computing resources; disruption of TCP connections on the attacked host (or group of hosts)
SYN/ACK/TCP SYN/ACK reflection flood to server limited	TCP traffic attack with TCP RST flag set from a specific source port to any client IP destination port	Exhaustion of network and computing resources of the attacked host
PSH/ACK/TCP PSH/ACK reflection flood to server limited	TCP traffic attack with TCP RST or TCP PSH flags set from a specific source port to any client IP destination port	Exhaustion of the attacked host's computing resources
Failed Reflectors/ICMP Server flood to server limited	Attack on a client host with a large volume of response ICMP traffic from public servers, triggered by attacker-sourced specific requests to public servers for UDP port reachability, but with the source address spoofed to the client's	Exhaustion of bandwidth and computing resources of the attacked host
UDP flood to service DST port 53 limited	UDP traffic attack on destination port 53 DNS	Exhaustion of bandwidth and computing resources of the attacked host; denial of service for the attacked application
Any Destination Port/UDP service flood to a server port limited	Attack with high volume UDP traffic to any custom victim port	Bandwidth exhaustion; denial of service for the attacked application
Any Type/ICMP/ICMPv6 service flood to server limited	Attack with custom ICMP traffic (including ICMPv6) of large volume on a specific client destination port	Exhaustion of bandwidth and computing resources of the attacked host
SYN/TCP SYN to a server port limited	TCP traffic attack with TCP SYN flag set on a specific client IP destination port	Exhaustion of network and computing resources of the attacked host; disruption of TCP connection establishment on the attacked host
RST/TCP RST to a server port limited	TCP traffic attack with TCP RST flag set on a specific client IP destination port	Exhaustion of the attacked host's computing resources; disruption of TCP connections on the attacked host or group of hosts
PSH/ACK/TCP PSH/ACK service flood to a server port limited	TCP traffic attack with TCP RST/PSH flags set on a specific client IP destination port	Exhaustion of the attacked host's computing resources
Any TCP/TCP to a server port limited	Attack with custom TCP traffic of large volume on a specific client port	Exhaustion of the attacked host's computing resources and bandwidth
Fragment Under Attack/UDP server under attack fragment to server limited	Attack with fragmented UDP datagrams. Usually accompanies other types of UDP attacks	Bandwidth exhaustion
Any Port/UDP server flood to server limited	Attack with custom UDP traffic of large volume cumulatively on any client port	Exhaustion of the attacked host's computing resources and bandwidth
Any Type/ICMP server flood to server limited	Attacking large amounts of custom ICMP traffic, including ICMPv6, on any client destination port	Exhaustion of bandwidth and computing resources of the attacked host
SYN/TCP SYN to server address limited	TCP traffic attack with TCP SYN flag set on any client IP destination port	Exhaustion of network and computing resources of the attacked host; disruption of TCP connection establishment on the attacked host
RST/TCP RST to server address limited	TCP traffic attack with TCP RST flag set on any client IP destination port	Exhaustion of the attacked host's computing resources; disruption of TCP connections on the attacked host or group of hosts
Any TCP/TCP to server address limited	Attack with custom TCP traffic of large volume in aggregate on any destination-port of the client	Exhaustion of network and computing resources of the attacked host and bandwidth
IP protocol Any IP protocol server flood to server limited	Attack with custom IP traffic of large volume cumulatively by all transport protocols and all ports	Exhaustion of network and computing resources of the attacked host and bandwidth
Flex Fragment/Flex matched IP fragment to destination IP under attack	Rule that defines blocking of IP packet fragments for hosts that are already under attack. Accompanies other attack types	—
TCP FIN to a server port limited	TCP traffic attack with TCP FIN flag set on a specific client IP destination port	Exhaustion of network and computing resources of the attacked host; disruption of the correct TCP connection establishment process on the attacked host
TCP FIN to server server address	TCP traffic attack with TCP FIN flag set in aggregate on any client IP destination port	Exhaustion of network and computing resources of the attacked host; disruption of the correct TCP connection establishment process on the attacked host
TCP Any Flags	Attack with a large volume of traffic with any set of flags	Exhaustion of network and computing resources of the attacked host; disruption of the correct TCP connection establishment process on the attacked host
UDP Fragment Server Smart-Rule	Attack with fragmented UDP datagrams	Bandwidth exhaustion