×

ISP blacklist feed

  • US 10,193,922 B2
  • Filed: 01/08/2016
  • Issued: 01/29/2019
  • Est. Priority Date: 01/13/2015
  • Status: Active Grant
First Claim
Patent Images

1. A method of providing a notification containing an ISP from which DDoS attacks originate, the method comprising performing by a computing system:

  • receiving an indication that one or more network resources are being targeted as part of one or more DDoS attacks;

    obtaining one or more malicious IP addresses corresponding to devices that transceive data with the one or more network resources as part of the one or more DDoS attacks;

    sending a request to a database system to determine an Internet Service Provider (ISP) associated with each of the one or more malicious IP addresses;

    computing a metric associated with a first ISP involved in the one or more DDoS attacks, wherein the metric includes at least one of;

    a quantity of malicious IP addresses of the first ISP corresponding to devices that transceive data with the one or more network resources as part of the one or more DDoS attacks and a quantity of malicious requests from the malicious IP addresses of the first ISP corresponding to devices that transceive data with the one or more network resources as part of the one or more DDoS attacks;

    comparing the metric to a threshold; and

    sending, to a list of subscribers, an alert message indicating that the first ISP is involved in the one or more DDoS attacks when the metric exceeds the threshold.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×