Patent attributes
Techniques for detecting and mitigating distributed denial of service (DDoS) attacks sourced from within a service provider system are described. A service obtains traffic data comprising a plurality of entries that describe outbound network traffic originated by a plurality of compute instances within the service provider system that is destined to locations outside the service provider system. The service determines that one or more destination network addresses identified within the traffic data are likely targets of a DDoS attack, determines a responsive action from a plurality of candidate responsive actions to perform with regard to the one or more compute instances, and causes the responsive action to be performed in the service provider system.
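The pipeline the abstract describes (aggregate outbound entries, flag likely target addresses, pick a responsive action per instance) can be sketched as follows. This is an added example, not code from the patent: the record layout, the provider address range, the thresholds and the action names are all assumptions chosen for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed values, not from the patent: provider address space and thresholds.
PROVIDER_NETS = [ip_network("10.0.0.0/8")]
MIN_SOURCES = 3          # distinct instances sending to one destination
MIN_PACKETS = 10_000     # total packets to that destination in the window

# Constructed sample entries: (instance_id, destination, packets)
TRAFFIC = [
    ("i-a1", "203.0.113.7", 6000),
    ("i-b2", "203.0.113.7", 5500),
    ("i-c3", "203.0.113.7", 4800),
    ("i-c3", "198.51.100.20", 40),
    ("i-d4", "198.51.100.20", 35),
    ("i-d4", "10.1.2.3", 90000),   # internal destination, out of scope
    ("i-e5", "203.0.113.7", 12),   # incidental sender
]

def is_external(addr):
    ip = ip_address(addr)
    return not any(ip in net for net in PROVIDER_NETS)

def likely_targets(entries):
    """Return {destination: {instance: packets}} for destinations that look targeted."""
    per_dst = defaultdict(lambda: defaultdict(int))
    for instance, dst, packets in entries:
        if is_external(dst):
            per_dst[dst][instance] += packets
    return {
        dst: dict(senders) for dst, senders in per_dst.items()
        if len(senders) >= MIN_SOURCES and sum(senders.values()) >= MIN_PACKETS
    }

def choose_actions(targets):
    """Pick one candidate action per instance, scaled to its contribution."""
    actions = {}
    for senders in targets.values():
        total = sum(senders.values())
        for instance, packets in senders.items():
            share = packets / total
            action = "rate_limit_egress" if share >= 0.10 else "notify_owner"
            # Keep the stronger action if the instance appears for several targets.
            if actions.get(instance) != "rate_limit_egress":
                actions[instance] = action
    return actions

if __name__ == "__main__":
    targets = likely_targets(TRAFFIC)
    print(targets)
    print(choose_actions(targets))
```

Scaling the action to each instance's share of the flagged traffic keeps an incidental sender such as `i-e5` from receiving the same restriction as the instances producing the bulk of the volume.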