Apparatus and method for secure, automated response to distributed denial of service attacks
Abstract
An apparatus and method for secure, automated response to distributed denial of service (DDoS) attacks are described. The method includes notification of a DDoS attack received by an Internet host. Once received by an Internet host, the Internet host establishes security authentication from an upstream router from which the attack traffic, transmitted by one or more host computers, is received. The Internet host then transmits filter(s) to the upstream router generated based upon characteristics of the attack traffic. Once installed by the upstream router, the attack traffic is dropped to terminate a DDoS attack. In addition, the router may determine upstream router(s) coupled to ports from which attack traffic is received, and securely forward the filter(s) to the upstream routers as a routing protocol updated in order to drop the attack traffic at a point closer to a source of the DDoS attack.
35 Claims
1. A method comprising:
receiving notification of a distributed denial of service attack;
establishing security authentication from an upstream router from which attack traffic, transmitted by one or more attack host computers, is received; and
once security authentication is established, transmitting one or more filters to the upstream router such that attack traffic is dropped by the upstream router, thereby terminating the distributed denial of service attack.
Dependent claims: 2, 3, 4

5. A method comprising:
establishing security authentication of an Internet host under a distributed denial of service (DDoS) attack;
receiving one or more filters from the Internet host;
when security authentication is established, verifying that the one or more filters select only network traffic directed to the Internet host; and
once verified, installing the one or more filters such that network traffic matching the one or more filters is prevented from reaching the Internet host.
Dependent claims: 6, 7, 8, 9, 10

11. A method comprising:
receiving a routing protocol update from a downstream router;
selecting one or more filters from the routing protocol update received from the downstream router;
establishing security authentication of the downstream router;
once authentication is established, verifying that the one or more filters select only network traffic directed to the downstream router; and
once verified, installing the one or more filters such that attack traffic matching the one or more filters is prevented from reaching the downstream router.
Dependent claims: 12, 13, 14, 16, 17, 18, 20, 21, 22, 23, 24, 25, 27, 28, 29, 30, 31, 32

15. A computer readable storage medium including program instructions that direct a computer to function in a specific manner when executed by a processor, the program instructions comprising:
receiving notification of a distributed denial of service attack;
establishing security authentication from an upstream router from which attack traffic, transmitted by one or more attack host computers, is received; and
once security authentication is established, transmitting one or more filters to the upstream router such that attack traffic is dropped by the upstream router, thereby terminating the distributed denial of service attack.

19. A computer readable storage medium including program instructions that direct a computer to function in a specific manner when executed by a processor, the program instructions comprising:
establishing a security authentication of a downstream device;
once security authentication is established, verifying that one or more filters from the downstream device select only network traffic directed to the downstream device; and
once verified, installing the one or more filters such that network traffic matching the one or more filters is prevented from reaching the downstream device.

26. An apparatus, comprising:
a processor having circuitry to execute instructions;
a control plane interface coupled to the processor, the control plane interface to receive packet processing filters, and to authenticate a source of the packet processing filters; and
a storage device coupled to the processor, having sequences of instructions stored therein, which when executed by the processor cause the processor to:
establish a security authentication of a downstream device;
once security authentication is established, verify that one or more filters from the downstream device select only network traffic directed to the downstream device; and
once verified, install the one or more filters such that network traffic matching the one or more filters is prevented from reaching the downstream device.

33. A system comprising:
an Internet host;
a wide area network; and
a router coupled between the Internet host and the wide area network, the router having:
a processor having circuitry to execute instructions;
a control plane interface coupled to the processor, the control plane interface to receive packet processing filters, and to authenticate a source of the packet processing filters; and
a storage device coupled to the processor, having sequences of instructions stored therein, which when executed by the processor cause the processor to:
establish security authentication of an Internet host under a distributed denial of service (DDoS) attack;
receive one or more filters from the Internet host;
when security authentication is established, verify that the one or more filters select only network traffic directed to the Internet host; and
once verified, install the one or more filters such that network traffic matching the one or more filters is prevented from reaching the Internet host.
Dependent claims: 34, 35
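The router-side procedure of the abstract and of claims 5, 11 and 19 (accept filters only from an authenticated downstream host, verify that each filter selects only traffic directed to that host, then install) as an added Python example; this is not code from the patent. It assumes that security authentication yields the set of prefixes the host owns (the patent does not fix the authentication mechanism) and uses constructed RFC 5737 addresses as sample data.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Optional

@dataclass(frozen=True)
class Filter:
    """Drop rule pushed by a downstream host (constructed format, not the patent's)."""
    dst: IPv4Network             # destination prefix the rule covers
    src: IPv4Network             # source prefix, 0.0.0.0/0 = any source
    proto: Optional[int] = None  # IP protocol number, None = any
    dport: Optional[int] = None  # destination port, None = any

def make_filter(dst, src="0.0.0.0/0", proto=None, dport=None):
    return Filter(IPv4Network(dst), IPv4Network(src), proto, dport)

class UpstreamRouter:
    def __init__(self, authenticated_hosts):
        # host_id -> prefixes the host proved it owns during security authentication.
        # Assumed outcome of that step; the patent does not specify the mechanism.
        self.hosts = {h: [IPv4Network(p) for p in ps] for h, ps in authenticated_hosts.items()}
        self.installed = []

    def scoped_to_host(self, flt, host_id):
        """The check of claims 5, 11 and 19: the filter may select only traffic
        whose destination lies inside a prefix the authenticated host owns."""
        return any(flt.dst.subnet_of(p) for p in self.hosts.get(host_id, []))

    def install_filters(self, host_id, filters):
        """Install only correctly scoped filters from an authenticated host.
        Returns (installed, rejected); nothing is installed if authentication failed."""
        if host_id not in self.hosts:
            return [], list(filters)
        ok = [f for f in filters if self.scoped_to_host(f, host_id)]
        rejected = [f for f in filters if not self.scoped_to_host(f, host_id)]
        self.installed.extend(ok)
        return ok, rejected

    def drops(self, src, dst, proto, dport):
        """True if an installed filter matches the packet, i.e. the router drops it."""
        s, d = IPv4Address(src), IPv4Address(dst)
        return any(s in f.src and d in f.dst
                   and f.proto in (None, proto) and f.dport in (None, dport)
                   for f in self.installed)

if __name__ == "__main__":
    router = UpstreamRouter({"victim": ["203.0.113.0/24"]})       # constructed data
    flood = make_filter("203.0.113.10/32", proto=17, dport=53)   # UDP flood at the victim
    blackhole = make_filter("0.0.0.0/0")   # covers other hosts' traffic too: rejected
    print(router.install_filters("victim", [flood, blackhole]))
```

The rejected 0.0.0.0/0 filter is why the scoping check in the claims matters: without it, a compromised downstream host could use the same channel to drop traffic destined to other hosts behind the router.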