Method and system for detecting, tracking and blocking denial of service attacks over a computer network
2 Assignments
0 Petitions
Abstract
A system and method is provided for detecting, tracking and blocking denial of service (“DoS”) attacks, which can occur between local computer systems and/or between remote computer systems, network links, and/or routing systems over a computer network. The system includes a collector adapted to receive a plurality of data statistics from the computer network and to process the plurality of data statistics to detect one or more data packet flow anomalies. The collector is further adapted to generate a plurality of signals representing the one or more data packet flow anomalies. The system further includes a controller that is coupled to the collector and is adapted to receive the plurality of signals from the collector. The controller is constructed and arranged to respond to the plurality of signals by tracking attributes related to the one or more data packet flow anomalies to at least one source, and to block the one or more data packet flow anomalies using a filtering mechanism executed in close proximity to the at least one source.
501 Citations
33 Claims
1. A system for detecting, tracking and blocking one or more denial of service attacks over a computer network, the system comprising:
- a collector adapted to receive a plurality of data statistics from the computer network and to process the plurality of data statistics to detect one or more data packet flow anomalies and to generate a signal representing the one or more data packet flow anomalies; and
- a controller coupled to the collector to receive the signal;
- wherein the controller is constructed and arranged to respond to the signal by tracking attributes related to the one or more data packet flow anomalies to at least one source, and wherein the controller is constructed and arranged to block the one or more data packet flow anomalies.
19. A system comprising:
- at least one routing system;
- a plurality of computer systems coupled to the routing system; and
- means for detecting one or more denial of service attacks communicated to the plurality of computer systems over the at least one routing system.
27. A method for detecting, tracking and blocking one or more denial of service attacks over a computer network, the system comprising the steps of:
- collecting a plurality of data statistics from the computer network;
- processing the plurality of data statistics to detect one or more data packet flow anomalies;
- generating a plurality of signals representing the one or more data packet flow anomalies; and
- receiving and responding to the plurality of signals by tracking attributes related to the one or more data packet flow anomalies to at least one source.
Specification