Method and system for overcoming denial of service attacks
Abstract
A system for handling denial of service attacks on behalf of a shared network resource. A request processing component deployed within a network, the request processing component having an interface configured to receive requests on behalf of the shared network resource. A rate control component coupled to the request processing component, the rate control component comprising program and data structures operable to selectively forward received requests to the shared network resource at a rate selected to prevent the shared network resource from crashing or becoming undesirably busy. Preferably, the system includes a denial of service attack detection component coupled to the request processing component and the rate control component and operable to monitor request metrics from the request processing component and provide configuration information to the rate control component.
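A minimal sketch of the rate control and detection components described in the abstract, added here as an illustration and not taken from the patent. The token bucket, the queue limit, the 80-requests-per-second rate, the attack threshold and the choice to lower the rate during an attack are all assumptions.

```python
from collections import deque

class RateControl:
    """Queues requests at the front end and releases them with a token bucket."""
    def __init__(self, rate, burst, queue_limit):
        self.rate, self.burst, self.queue_limit = rate, burst, queue_limit
        self.tokens, self.last = float(burst), 0.0
        self.queue, self.shed = deque(), 0

    def accept(self, request):
        """Absorb a request at the front end; shed it when the backlog is full."""
        if len(self.queue) >= self.queue_limit:
            self.shed += 1
            return False
        self.queue.append(request)
        return True

    def release(self, now):
        """Return the queued requests that may go to the shared server at `now`."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        out = []
        while self.queue and self.tokens >= 1:
            self.tokens -= 1
            out.append(self.queue.popleft())
        return out

class AttackDetector:
    """Monitors arrivals per second and pushes a new rate to the rate control."""
    def __init__(self, control, normal_rate, attack_rate, threshold):
        self.control, self.threshold = control, threshold
        self.normal_rate, self.attack_rate = normal_rate, attack_rate

    def observe(self, arrivals):
        attack = arrivals > self.threshold
        self.control.rate = self.attack_rate if attack else self.normal_rate
        return attack

def simulate(trace, capacity=100):
    """Replay a constructed trace (requests arriving in each second)."""
    control = RateControl(rate=80, burst=80, queue_limit=200)  # assumed values
    detector = AttackDetector(control, normal_rate=80, attack_rate=50, threshold=500)
    forwarded = []
    for second, arrivals in enumerate(trace, start=1):
        detector.observe(arrivals)
        for i in range(arrivals):
            control.accept((second, i))
        forwarded.append(len(control.release(float(second))))
    assert max(forwarded) <= capacity  # shared server stays within its capacity
    return forwarded, control.shed

if __name__ == "__main__":
    print(simulate([50, 60, 5000, 5000, 40]))
```

In the constructed trace, two seconds of 5000 requests each are absorbed or shed at the front end while the shared server receives no more than 80 requests in any second.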
21 Claims
1. A security service for a shared network server comprising:
providing a network and a shared network server coupled to the network, the shared network server having a fixed quantity of resources for responding to network requests;
providing a constellation of front-end servers within the network;
using the front-end servers to receive requests destined for the shared network server; and
forwarding the received requests from the front-end servers to the shared network server at a governed rate.
Dependent claims: 2, 3, 4, 5, 6
7. A system for handling denial of service attacks on behalf of a shared network resource, the system comprising:
a request processing component deployed within a network, the request processing component having an interface configured to receive requests on behalf of the shared network server;
a rate control component coupled to the request processing component, the rate control component comprising program and data structures operable to selectively forward received requests to the shared network server at a rate selected to prevent the shared network server from crashing or becoming undesirably busy.
Dependent claims: 8, 9, 10, 11, 12, 13
14. A method for mitigating a denial of service attack comprising the acts of:
providing a shared network resource coupled to a public network and receiving requests from the public network;
providing a plurality of front-end servers, each having a unique network address and coupled to the shared network resource;
assigning a plurality of front-end servers to the shared network resource, wherein the aggregate request processing capacity of the assigned front-end servers is greater than the request handling capacity of the shared network resource;
causing requests for the shared network resource to be redirected through one of the front-end servers; and
forwarding the requests from the front-end server to the shared network resource at a rate selected to inhibit a likelihood of a crash or an undesirable level of business.
Dependent claims: 15, 16, 17, 18, 19, 20, 21
Specification