Short term certificate management during distributed denial of service attacks
Abstract
In one embodiment, a distributed denial of service attack on a network is identified. In response to the distributed denial of service attack, a script to request a short term certificate is executed. The short term certificate is generated by a certificate server and received either directly or indirectly from the certificate server. An instruction to redirect traffic using the short term certificate and private key is sent to a distributed denial of service attack protection service that is operable to filter or otherwise mitigate malicious traffic involved in the distributed denial of service attack.
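The DANE step of this procedure, as an added example that is not part of the patent text: it derives TLSA record data (RFC 6698, usage 3, selector 1, SHA-256) for a first certificate and a short term certificate, and shows that a DANE-validating client rejects the short term certificate until its TLSA record is published. The helper names, the constructed certificate-shaped DER inputs and the choice to publish both records during cutover are assumptions of the example.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, end) of the DER element starting at pos."""
    tag, length, off = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, off, off + length

def spki_der(cert):
    """Slice SubjectPublicKeyInfo out of a DER X.509 certificate."""
    _, tbs_outer, _ = read_tlv(cert, 0)                # Certificate
    _, pos, _ = read_tlv(cert, tbs_outer)              # tbsCertificate
    if cert[pos] == 0xA0:                              # optional [0] version
        pos = read_tlv(cert, pos)[2]
    for _ in range(5):              # serial, sigAlg, issuer, validity, subject
        pos = read_tlv(cert, pos)[2]
    return cert[pos:read_tlv(cert, pos)[2]]

def tlsa_rdata(cert, usage=3, selector=1, mtype=1):
    """TLSA RDATA for an end-entity certificate (matching types 1 and 2 only)."""
    data = spki_der(cert) if selector == 1 else cert
    digest = {1: hashlib.sha256, 2: hashlib.sha512}[mtype](data).hexdigest()
    return f"{usage} {selector} {mtype} {digest}"

def dane_match(presented, rrset):
    """True if the presented certificate matches any TLSA record in rrset."""
    return any(tlsa_rdata(presented, *map(int, rr.split()[:3])) == rr
               for rr in rrset)

# --- constructed sample data: certificate-shaped DER, not real signed certs ---
def tlv(tag, value):
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_cert(serial, key):
    empty = tlv(0x30, b"")
    spki = tlv(0x30, empty + tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + empty * 4 + spki)
    return tlv(0x30, tbs + empty + tlv(0x03, b"\x00"))

FIRST_CERT = sample_cert(1, b"\x11" * 270)  # long-lived cert, key stays on origin
SHORT_CERT = sample_cert(2, b"\x22" * 270)  # short term cert for the protection service

before = [tlsa_rdata(FIRST_CERT)]
during = before + [tlsa_rdata(SHORT_CERT)]  # assumption: both published at cutover
print(dane_match(SHORT_CERT, before), dane_match(SHORT_CERT, during))
```

Keeping the first certificate's record in the set while the short term record propagates lets clients with cached DNS answers keep validating the origin; the old record's TTL bounds how long that overlap needs to last.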
18 Claims
1. A method of providing a short term certificate during a distributed denial of service attack on a network, the method comprising:
- identifying, by a processor, a distributed denial of service attack on a network;
- executing, by the processor, a script to request a short term certificate in response to, and at the time of, identifying the distributed denial of service attack, wherein the network is associated with a first certificate and wherein the short term certificate has a predetermined duration that is less than a duration of the first certificate;
- receiving the short term certificate generated by a certificate server;
- updating a transport layer security record under domain name service (DNS) based authentication of named entities (DANE) according to the short term certificate;
- generating, by the processor, an instruction to redirect traffic from the network during the distributed denial of service attack to a protection service using the short term certificate and associated private key, wherein malicious traffic involved in the distributed denial of service attack is filtered by the protection service in response to the short term certificate; and
- wherein filtered traffic is provided from the protection service to the network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An apparatus for providing a short term certificate during a distributed denial of service attack on a network, the apparatus comprising:
- a processor; and
- a memory comprising one or more instructions executable by the processor to perform;
- identify a distributed denial of service attack on a network;
- execute the processor, a script to request a short term certificate in response to, and at the time of, identifying the distributed denial of service attack, wherein the network is associated with a first certificate and wherein the short term certificate has a predetermined duration that is less than a duration of the first certificate;
- receive the short term certificate generated by a certificate server;
- update a transport layer security record under domain name service (DNS) based authentication of named entities (DANE) according to the short term certificate;
- generate an instruction to a protection service to service traffic from the network during the distributed denial of service attack using the short term certificate and private key, wherein malicious traffic involved in the distributed denial of service attack is filtered by the protection service in response to the short term certificate; and
- wherein filtered traffic is provided from the protection service to the network.
Dependent claims: 10
11. A non-transitory computer readable storage media encoded with instructions that, when executed by a processor, cause the processor to perform operations for providing a short term certificate during a distributed denial of service attack on a network, the operations including:
- identifying a distributed denial of service attack on a network;
- executing a script to request a short term certificate in response to, and at the time of, identifying the distributed denial of service attack, wherein the network is associated with a first certificate and wherein the short term certificate has a predetermined duration that is less than a duration of the first certificate;
- receiving the short term certificate generated by a certificate server;
- updating a transport layer security record under domain name service (DNS) based authentication of named entities (DANE) according to the short term certificate;
- generating an instruction to redirect traffic from the network during the distributed denial of service attack to a protection service using the short term certificate and associated private key, wherein malicious traffic involved in the distributed denial of service attack is filtered by the protection service in response to the short term certificate; and
- wherein filtered traffic is provided from the protection service to the network.
Dependent claims: 12, 13, 14, 15, 16, 17, 18
Specification