Monitoring DDoS Protection

This guide covers how to review your DDoS protection configuration and attack data in the NetActuate portal. DDoS rules are managed by the NetActuate operations team — the portal provides read-only visibility into your active rules, analytics, and attack history.

Prerequisites

• An active NetActuate account with BGP or Anycast services
• At least one BGP or Anycast group with active sessions

Viewing Your DDoS Rules

1. Log in to the NetActuate Customer Portal.
2. In the top navigation, click Networking.
3. In the left sidebar, click DDoS.
4. Click the Rules tab.

This shows all DDoS rules currently active on your account, including the detection action, conclusion action, and assigned prefixes for each rule. Rules may be scoped at the account level, per BGP group, or per Anycast group.

Note: The Rules tab is read-only. To request new rules, modify existing rules, or change rule scope, open a support ticket or contact your account manager.

Reviewing DDoS Analytics

Navigate to Networking → DDoS → Analytics to monitor:

• Total traffic associated with detected attacks
• Total packets across attack events
• IP sources — the number of unique source IPs involved in attacks

Use this view to understand your overall attack exposure over time.

Reviewing Attack Logs

Navigate to Networking → DDoS → Attacks to see the historical attack log. Each entry links to a detailed attack report showing:

• Total and peak traffic volumes
• PPS breakdown by protocol (TCP, UDP, ICMP)
• Top source IPs, countries, and ASNs
• TCP flags distribution
• Top source and destination ports
• Top flows

Review these details after any mitigation event to understand the attack vector. Share the findings with the NetActuate team when requesting rule adjustments.

Requesting Rule Changes

DDoS rules are configured by the NetActuate operations team to match your infrastructure and traffic profile. To request changes:

1. Review your current rules in Networking → DDoS → Rules to understand your existing configuration.
2. If you have recent attack data, review the attack detail page to identify relevant patterns (protocol breakdown, source ASNs, top flows).
3. Open a support ticket or contact your account manager with:
   • What you want changed (new rule, modify existing, adjust scope)
   • Which prefixes or groups the change applies to
   • Any attack report data that supports the change

The operations team will configure the rules and confirm when they are active.

Best Practices

• Use Anycast to distribute attack traffic across multiple PoPs rather than concentrating it at one location
• Layer defenses — combine DDoS rules with host-level firewall rules and application-level rate limiting
• Use /23 or larger prefixes for Anycast groups so you can advertise a more specific /24 for traffic diversion during an attack
• Enable BFD on BGP sessions for sub-second failover if a location becomes overwhelmed
• Review attack reports after every event and share findings with the NetActuate team to keep rules tuned to current threats

Next Steps

• DDoS Protection Overview — full reference for rule scope, analytics, and attack detail fields
• Anycast — manage anycast groups where DDoS rules are applied
• BGP — manage BGP groups where DDoS rules are applied
• Firewall — API-managed host-level firewall for application-layer protection

---

Need Help?

Contact support@netactuate.com or open a support ticket from the portal.