Method and apparatus for traffic control of dynamic denial of service attacks within a communications network
Abstract
A method and apparatus for providing traffic management for distributed denial of service (DDOS) traffic. Within a communications network, a DDOS detection system monitors network traffic to identify traffic that is designed to attack a particular server within the network, along with its entry points into the network. A traffic routing control unit is requested to deny service to the DDOS traffic. By selectively manipulating the routing information propagated to network edge routers, the traffic that is denied service is limited to mostly DDOS traffic and is routed to a cleaning center or a null address in the most effective fashion.
18 Claims
1. A method of managing communications traffic within a communications network comprising:
- detecting traffic that requires denial of service;
- sending a denial of service request to a traffic routing control unit; and
- updating the routing information for edge routers within the communications network to insure that specific edge routers redirect the traffic that is to be denied service to at least one of a cleaning center or null address.
Dependent claims: 2, 3, 4, 5, 6.
7. Apparatus for providing traffic management within a communications network comprising:
- a communications network interconnecting a plurality of edge routers;
- a traffic routing control unit within the communications network;
- a denial of service detection system, coupled to the network, for issuing denial of service requests to the traffic routing control unit; and
- a plurality of customer computers coupled to the edge routers wherein, in response to the denial of service request, the traffic routing control unit updates the routing information of select edge routers to route specific traffic to at least one of a cleaning center or null address.
Dependent claims: 8, 9, 10, 11, 12.
13. A method of managing communications traffic within a communications network comprising:
- controlling at least one edge router to route specific traffic to at least one of a cleaning center or null address.
Dependent claims: 14, 15, 16, 17, 18.
Specification