Thwarting source address spoofing-based denial of service attacks
Abstract
A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.
20 Claims
1. A method of protecting a victim site against a denial of service attack, the method comprises:
- receiving network packets with faked source addresses;
- receiving from the victim site a notification that the victim site is under an attack; and
- sending queries to data collectors to request information from at least some of the data collectors, the information to determine the source of suspicious network traffic being sent to the victim.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 18, 19

15. A method of protecting a victim site against a denial of service attack, the method comprises:
- receiving packets with faked, random source addresses;
- receiving a notification that the victim data center is under an attack, from a gateway disposed near the victim site;
- sending queries to data collectors to request information from data collectors that have examined network traffic with the victim destination address; and
- determining the data center or centers involved in the attack on the victim by analyzing collected information from the data collectors.

20. A system to thwart denial of service attacks on a victim, comprises:
- a plurality of monitors dispersed throughout a network, the monitors collecting statistical data on network traffic;
- a control center coupled to the plurality of data collectors, the control center executing a computer program product stored on a computer readable medium, comprising instructions for causing a computer to;
  - receive from the victim site a notification that the victim data center is under an attack; and
  - send queries to data collectors to request information from data collectors, the information used to determine the source of suspicious network traffic being sent to the victim;
- a gateway device that passes network packets between the network and the victim site, the gateway disposed to protect the victim site, and being coupled to the control center.
Specification