Method and apparatus for traffic control of dynamic denial of service attacks within a communications network

US 20060230444A1
Filed: 03/25/2005
Published: 10/12/2006
Est. Priority Date: 03/25/2005
Status: Active Grant

First Claim

Patent Images

1. A method of managing communications traffic within a communications network comprising:

detecting traffic that requires denial of service;

sending a denial of service request to a traffic routing control unit; and

updating the routing information for edge routers within the communications network to insure that specific edge routers redirect the traffic that is to be denied service to at least one of a cleaning center or null address.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for providing traffic management for distributed denial of service (DDOS) traffic. Within a communications network, a DDOS detection system monitors network traffic to identify traffic that is designed to attack a particular server within the network and their entry points into the network. A traffic routing control unit is requested to deny service to the DDOS traffic. By selectively manipulating the routing information propagated to network edge routers, the traffic that is denied service is limited to mostly DDOS traffic and is routed to a cleaning center or a null address in the most effective fashion.

66 Citations

View as Search Results

18 Claims

1. A method of managing communications traffic within a communications network comprising:
- detecting traffic that requires denial of service;
  
  sending a denial of service request to a traffic routing control unit; and
  
  updating the routing information for edge routers within the communications network to insure that specific edge routers redirect the traffic that is to be denied service to at least one of a cleaning center or null address.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further comprising:
    - cleaning the traffic that is to be denied service such that legitimate traffic is routed to a customer that is being attacked.
  - 3. The method of claim 1 wherein the detecting step is performed within at least one of the traffic routing control unit, an edge router and a neighbor router.
  - 4. The method of claim 1 wherein the specific edge routers form a subset of all edge routers within the network.
  - 5. The method of claim 1 further comprising:
    - selecting a specific cleaning center based upon a criteria.
  - 6. The method of claim 5 wherein the criteria is at least one of utilization, delay, traffic type, and network load.

7. Apparatus for providing traffic management within a communications network comprising:
- a communications network interconnecting a plurality of edge routers;
  
  a traffic routing control unit within the communications network;
  
  a denial of service detection system, coupled to the network, for issuing denial of service requests to the traffic routing control unit; and
  
  a plurality of customer computers coupled to the edge routers wherein, in response to the denial of service request, the traffic routing control unit updates the routing information of select edge routers to route specific traffic to at least one of a cleaning center or null address.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The apparatus of claim 7 wherein the cleaning center cleanses the traffic that is to be denied service.
  - 9. The apparatus of claim 7 wherein the denial of service detection system is located in at least one of the traffic routing control unit, an edge router, and a neighbor router.
  - 10. The apparatus of claim 7 wherein the select edge routers form a subset of all edge routers.
  - 11. The apparatus of claim 7 wherein a specific cleaning center is selected using a criteria.
  - 12. The apparatus of claim 11 wherein the criteria is at least one of utilization, delay, traffic type, and network load.

13. A method of managing communications traffic within a communications network comprising:
- controlling at least one edge router to route specific traffic to at least one of a cleaning center or null address.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method of claim 13 wherein the specific traffic is traffic that is to be denied service.
  - 15. The method of claim 14 further comprising detecting specific traffic that is to be denied service and identifying the at least one edge router that handles the specific traffic.
  - 16. The method of claim 13 further comprising:
    - selecting a specific cleaning center based upon a criteria.
  - 17. The method of claim 16 wherein the criteria is at least one of utilization, delay, traffic type, and network load.
  - 18. The method of claim 13 wherein the controlling step enables DDOS traffic management by redirecting traffic from a source of traffic for the at least one edge router from which the DDOS traffic originates.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property II LP (AT&T, Inc.)
Original Assignee
AT&T Corporation (AT&T, Inc.)
Inventors
Nguyen, Han Q., Saad, Samir S., Mulligan, John T., Iloglu, Ali M.

Granted Patent

US 8,089,871 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/14
CPC Class Codes

H04L 2463/141   Denial of service attacks a...

H04L 63/1408   by monitoring network traff...

H04L 63/1458   Denial of Service

Method and apparatus for traffic control of dynamic denial of service attacks within a communications network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

66 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for traffic control of dynamic denial of service attacks within a communications network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links