System and method for identifying the source of a denial-of-service attack
Abstract
A system and method for identifying the source of a denial-of-service attack is described. In one implementation, flow information about packets transmitted through a network is collected at different points in the network. The flow level information is analyzed to reconstruct a path taken by a packet associated with a DoS attack to identify the source of such an attack.
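An added illustration of the approach the abstract summarizes, not code from the patent: a flow identifier is built from an attack packet, each monitoring point's log is queried with it, and the path is walked upstream hop by hop. The record layout, the `upstream` field, the monitor names and the sample logs are assumptions constructed for this example.

```python
from collections import namedtuple

# Assumed record layout: the monitor that logged the flow, the flow identifier,
# the neighbor the packets arrived from, and when the flow was first seen.
FlowRecord = namedtuple("FlowRecord", "monitor flow_id upstream first_seen")

def flow_id_from_packet(pkt):
    """Construct the query key from an attack packet's header fields."""
    return (pkt["src"], pkt["dst"], pkt["proto"], pkt["sport"], pkt["dport"])

def query(logs, monitor, flow_id):
    """Earliest record for flow_id in one monitor's log, or None."""
    hits = [r for r in logs.get(monitor, []) if r.flow_id == flow_id]
    return min(hits, key=lambda r: r.first_seen) if hits else None

def trace_back(logs, victim_edge, attack_pkt):
    """Walk upstream from the victim's edge monitor, one log query per hop.

    Returns (path, entry, complete): path lists monitors from the source side
    to the victim, entry is the upstream neighbor of the farthest monitor that
    logged the flow, complete is False if the walk ended on a gap in the logs.
    """
    fid = flow_id_from_packet(attack_pkt)
    path, monitor, entry = [], victim_edge, None
    while monitor not in path:            # guard against records that loop
        rec = query(logs, monitor, fid)
        if rec is None:                   # no record: stop at last confirmed hop
            break
        path.append(monitor)
        entry = rec.upstream
        if entry not in logs:             # upstream is not a monitoring point
            return path[::-1], entry, True
        monitor = entry
    return path[::-1], entry, False

# Constructed sample data (documentation address ranges, hypothetical names).
ATTACK_PKT = {"src": "198.51.100.7", "dst": "203.0.113.10",
              "proto": 17, "sport": 4444, "dport": 53}
FID = flow_id_from_packet(ATTACK_PKT)
OTHER = ("192.0.2.9", "203.0.113.10", 6, 50000, 443)   # unrelated flow
LOGS = {
    "edge-victim": [FlowRecord("edge-victim", FID, "core-1", 100.3)],
    "core-1": [FlowRecord("core-1", OTHER, "edge-east", 99.0),
               FlowRecord("core-1", FID, "edge-west", 100.2)],
    "edge-west": [FlowRecord("edge-west", FID, "customer-port-17", 100.1)],
    "edge-east": [FlowRecord("edge-east", OTHER, "customer-port-4", 98.9)],
}

if __name__ == "__main__":
    print(trace_back(LOGS, "edge-victim", ATTACK_PKT))
```

The trace follows where each monitor saw the flow arrive rather than the packet's source address field, so the result is an ingress point on the monitored network; a missing log entry yields a partial path with `complete` set to False.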
22 Claims
1. A method for identifying a source of a Denial-of-Service (DoS) attack, comprising:
- retrieving flow information about packets collected at different points in a network; and
- analyzing the flow information to reconstruct a path taken by a packet associated with the DoS attack to identify the source of the DoS attack.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A method, comprising:
- maintaining logs comprising flow information about packets flowing through a network at various monitoring points in the network; and
- querying one or more of the logs using flow identifiers associated with attack packets of a Denial-of-Service (DoS) attack to identify specific flow-information maintained in one or more of the logs associated with the DoS attack to reconstruct a path taken by the attack packets to identify where the DoS attack emanates.

Dependent claims: 9, 10

11. A computer, comprising:
- a memory comprising a set of computer-executable instructions; and
- a processor coupled to the memory, wherein the computer-executable instructions, when executed by the processor, direct the computer to identify the source of a Denial-of-Service attack in a network, by:
  - retrieving flow information about packets collected at different points in a network; and
  - analyzing the flow information to reconstruct a path taken by a packet associated with the DoS attack to identify the source of the DoS attack.

Dependent claims: 12, 13

14. One or more computer-readable media having stored thereon computer-executable instructions that, when executed by a computer, cause the computer to:
- retrieve flow information about packets collected at different points in a network; and
- analyze the flow information to reconstruct a path taken by a packet associated with the DoS attack to identify the source of the DoS attack.

15. A system, comprising:
- a victim node;
- a traceback server; and
- a victim module comprising computer-executable instructions that, when executed by the victim node and the traceback server, enable the victim node to notify the traceback server to initiate the trace back of flows associated with a DoS attack, and enable the traceback server to analyze flow information collected from various points in the network to identify the source of a DoS attack.

Dependent claims: 16, 17, 18

19. A method for identifying a source of a Denial-of-Service (DoS) attack, comprising:
- constructing a query from an attack packet;
- using the query to retrieve flow information about packets collected at different points in a network; and
- analyzing the flow information to reconstruct a path taken by the attack packet to identify the source of the DoS attack.

Dependent claims: 20, 21, 22

Specification