Abstract: Disclosed are a method and a system for shunting reflective DDoS traffic. The method includes: acquiring and detecting the data flow of a network node A to obtain an attack source IP address and a set of attack types (Set T), where the attack source IP address generates attack traffic whose type belongs to Set T; sending the attack source IP address and Set T to a drainage device; sending, by the drainage device, all requests for the set of attack types (Set T) to the attack source IP address; and draining the attack traffic sent by the attack source IP address to a network node B, where the attack traffic is cleaned. The attack source IP address is an IP address of a base server utilized by a hacker.
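The detection step at node A and the hand-off to the drainage device can be sketched as follows. This is an added example, not code from the patent. It assumes flow records shaped as dictionaries, an attack type per well-known UDP source port, and byte-volume and reply-to-request ratio thresholds; all function names and sample addresses are hypothetical.

```python
from collections import defaultdict

# Assumption: UDP source ports of commonly reflected services, used as attack type names.
REFLECTION_PORTS = {53: "dns", 123: "ntp", 1900: "ssdp", 11211: "memcached"}

def detect_reflectors(flows, protected, min_bytes=100_000, min_ratio=20.0):
    """Return {attack source IP: Set T} from flow records observed at node A."""
    replies = defaultdict(int)   # (remote ip, type) -> bytes sent to protected hosts
    requests = defaultdict(int)  # (remote ip, type) -> bytes protected hosts sent out
    for f in flows:
        if f["proto"] != "udp":
            continue
        if f["dst"] in protected and f["sport"] in REFLECTION_PORTS:
            replies[(f["src"], REFLECTION_PORTS[f["sport"]])] += f["bytes"]
        elif f["src"] in protected and f["dport"] in REFLECTION_PORTS:
            requests[(f["dst"], REFLECTION_PORTS[f["dport"]])] += f["bytes"]
    found = defaultdict(set)
    for (ip, kind), got in replies.items():
        # Reflected replies are large and unsolicited: the protected host sent
        # few or no matching requests, so the reply/request byte ratio is high.
        if got >= min_bytes and got / max(requests.get((ip, kind), 0), 1) >= min_ratio:
            found[ip].add(kind)
    return dict(found)

def drainage_messages(found):
    """Build the records handed to the drainage device, one per attack source."""
    return [{"attack_source_ip": ip, "set_t": sorted(found[ip])} for ip in sorted(found)]

def flow(src, dst, sport, dport, nbytes, proto="udp"):
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "bytes": nbytes, "proto": proto}

VICTIM = "192.0.2.10"  # constructed sample data, documentation address ranges
SAMPLE_FLOWS = [
    flow("198.51.100.7", VICTIM, 123, 40211, 200_000),
    flow("198.51.100.7", VICTIM, 123, 40212, 200_000),
    flow("198.51.100.7", VICTIM, 53, 40213, 250_000),
    flow("198.51.100.9", VICTIM, 11211, 40214, 900_000),
    flow(VICTIM, "203.0.113.53", 51000, 53, 60_000),    # genuine lookups...
    flow("203.0.113.53", VICTIM, 53, 51000, 300_000),   # ...and their answers
    flow("203.0.113.80", VICTIM, 123, 123, 5_000),      # below the volume threshold
    flow("198.51.100.9", VICTIM, 443, 40215, 700_000, proto="tcp"),
]

if __name__ == "__main__":
    for msg in drainage_messages(detect_reflectors(SAMPLE_FLOWS, {VICTIM})):
        print(msg)
```

The resolver at 203.0.113.53 is not flagged because the protected host actually queried it, which keeps the reply-to-request ratio low.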