This function will be released on NTA Version 4.5R90F04 in Q1 2023. In the earlier versions, the NTA identifies outbound DDoS attacks by traffic thresholds set for region IP addresses. Some customers with small-traffic businesses hope the NTA can detect constituent proportions of outbound traffic for DDoS attacks. If the outbound traffic of a certain protected IP address is abnormally constituted, for example, the proportion of SYN Flood traffic is larger than expected, the IP address is deemed to be under attack.
NTA V4.5R90F04 allows users to configure constituent proportions to detect outbound traffic for DDoS attacks against IP addresses of regions or IP groups. Outbound component proportion detection supports SYN Flood, ACK Flood, ICMP Flood, UDP Flood, DNS Query Flood, and other protocol attacks.
Note: This feature is supported in the NTA VM and the model HD 2200E.
Choose Configuration > Objects > Regions and add or edit Region and IP group configuration. On the Region DDoS Attack Alert/IP Group DDoS Attack Alert page, choose Outbound Detection Configuration > Constituent Proportion Configuration, click Open, and click Save to enable outbound constituent proportion alert detection for a region/IP group.
Specify an alert type, configure alert parameters, and click Save.