System and method for the detection of and reaction to computer hacker denial of service attacks
Abstract
Challenge-response and probative methods together or independent of each other enable detection of devices participating in denial of service (DOS) and distributed DOS (DDOS) attacks upon a network resource, and upon identification of devices participating in attacks, minimize the effect of the attack and/or minimize the ability of the device to continue its attack by placing the attacking devices in a state of reduced or denied service.
30 Claims
1. A method for detecting computer hacker denial of service attacks, comprising the steps of:
- issuing a bit mapped challenge in response to a login request from a requester of services; and
- responsive to an incorrect response to said challenge, placing said requester in a state of limited service.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A method for detecting computer hacker denial of service attacks, comprising the steps of:
- executing a challenge-response login procedure and a network probing test frame transmission and analysis procedure to detect a hacker denial of service attack; and
- responsive to detecting said denial of service attack, placing said hacker in a lower level of service state.

12. A method for detecting computer hacker denial of service attacks, comprising the steps of:
- selecting sending and receiving probative test packets through a network;
- responsive to said packets, determining network evaluation parameters for said network; and
- responsive to said network evaluation parameters, determining presence of network denial of service attacks.
Dependent claims: 13, 14, 15, 16, 17.

18. A system for detecting and responding to denial of service attacks, comprising:
- a test station for identifying a zombie source of said denial of service attack;
- a low quality server for serving said zombie source; and
- a high quality server for serving legitimate sources of request for services.
Dependent claims: 19, 20, 21, 22, 23.

24. A probative test and analysis method for detecting and responding to denial of service attacks on a network resource, comprising the steps of:
- creating a template of attack patterns;
- determining historical, current, and predicted states of said network for each of a plurality of types of network traffic;
- responsive to said attack patterns, determining if a spike in network traffic is a distributed denial of service attack and, if so, determining its source; and
- denying full service to sources associated with said service attack.
Dependent claims: 25.

26. A program storage device readable by a machine, tangibly embodying a program of instructions executable by a machine to perform method steps for detecting computer hacker denial of service attacks, said method steps comprising:
- issuing a bit mapped challenge in response to a login request from a requester of services; and
- responsive to an incorrect response to said challenge, placing said requester in a state of limited service.

27. A computer program product or computer program element for detecting computer hacker denial of service attacks, according to method steps comprising:
- issuing a bit mapped challenge in response to a login request from a requester of services; and
- responsive to an incorrect response to said challenge, placing said requester in a state of limited service.

28. A program storage device readable by a machine, tangibly embodying a program of instructions executable by a machine to perform method steps for detecting computer hacker denial of service attacks, said method steps comprising:
- selecting sending and receiving probative test packets through a network;
- responsive to said packets, determining network evaluation parameters for said network;
- responsive to said network evaluation parameters, determining presence of network denial of service attacks; and
- denying full service to sources associated with said denial of service attack.

29. A method for detecting distributed denial of service attacks, including the steps of:
- executing a network probing test frame transmission and analysis procedure to detect a hacker denial of service attack; and
- responsive to detecting a denial of service attack, placing said hacker in a state of lower level of service.

30. A program storage device readable by a machine, tangibly embodying a program of instructions executable by a machine to perform method steps for detecting computer hacker denial of service attacks, said method steps comprising:
- executing a network probing test frame transmission and analysis procedure to detect a hacker denial of service attack; and
- responsive to detecting a denial of service attack, placing said hacker in a state of lower level of service.

Specification