DISTRIBUTED DENIAL OF SERVICE CONGESTION RECOVERY USING SPLIT HORIZON DNS

US 20100121979A1
Filed: 11/07/2008
Published: 05/13/2010
Est. Priority Date: 11/07/2008
Status: Active Grant

First Claim

Patent Images

1. A method for congestion recovery during a denial of service attack, comprising:

creating a split horizon zone on a server, wherein the split horizon zone comprises a fictitious zone mapped to a fictitious address;

receiving and investigating a plurality of requests from a plurality of clients;

designating a malicious client from the plurality of clients based on investigating the plurality of requests, wherein the malicious client is associated with a client address;

assigning the client address to the fictitious zone; and

routing network traffic from the malicious client to the fictitious address.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for congestion recovery during a denial of service attack involves creating a split horizon zone on a server, where the split horizon zone includes a fictitious zone mapped to a fictitious address, receiving and investigating requests from clients, designating a malicious client based on investigating the requests, where the malicious client is associated with a client address, assigning the client address to the fictitious zone, and routing network traffic from the malicious client to the fictitious address.

21 Citations

View as Search Results

20 Claims

1. A method for congestion recovery during a denial of service attack, comprising:
- creating a split horizon zone on a server, wherein the split horizon zone comprises a fictitious zone mapped to a fictitious address;
  
  receiving and investigating a plurality of requests from a plurality of clients;
  
  designating a malicious client from the plurality of clients based on investigating the plurality of requests, wherein the malicious client is associated with a client address;
  
  assigning the client address to the fictitious zone; and
  
  routing network traffic from the malicious client to the fictitious address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - creating a general split horizon zone for non-malicious clients;
      
      altering the general split horizon zone to further limit malicious client access.
  - 3. The method of claim 1, further comprising:
    - updating the split horizon zones dynamically.
  - 4. The method of claim 1, wherein designating the malicious client is handled by an Intrusion Detection System (IDS).
  - 5. The method of claim 1, wherein assigning the client address comprises assigning a unique IP address of the malicious client to the fictitious zone.
  - 6. The method of claim 1, wherein assigning the client address comprises assigning an entire sub-network of the malicious client to the fictitious zone.
  - 7. The method of claim 1, wherein the malicious client is sent to the fictitious addresses by rewriting portions of a response sent to the malicious client.
  - 8. The method of claim 1, wherein the fictitious address is a non-routable address.
  - 9. The method of claim 1, wherein the fictitious address is the address of the malicious client.

10. A system for denial of service attack congestion recovery, comprising:
- a plurality of clients with a processor comprising functionality to execute software instructions for sending a plurality of requests, wherein the plurality of requests comprise requests for a plurality of Internet Protocol (IP) addresses;
  
  a domain name system (DNS) server communicatively coupled to the plurality of clients and configured for;
  
  creating a split horizon zone, wherein the split horizon zone comprises a fictitious zone mapped to a fictitious address,receiving and investigating a plurality of requests from the plurality of clients,designating a malicious client from the plurality of clients based on investigating the plurality of requests, wherein the malicious client is associated with a client address,assigning the client address to the fictitious zone,routing network traffic from the malicious client to the fictitious address; and
  
  an intrusion detection system (IDS) communicatively coupled to the plurality of clients and the DNS server.
- View Dependent Claims (11)
- - 11. The system of claim 10, wherein the DNS server and the IDS reside on the same machine.

12. A computer readable medium storing instructions for congestion recovery during a denial of service attack, the instructions comprising functionality to:
- create a split horizon zone on a server, wherein the split horizon zone comprises a fictitious zone mapped to a fictitious address;
  
  receive and investigate a plurality of requests from a plurality of clients;
  
  designate a malicious client from the plurality of clients based on investigating the plurality of requests;
  
  assign the address of the malicious client to the fictitious zone; and
  
  route network traffic from the malicious client to the fictitious address.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The computer readable medium of claim 12, further comprising instructions comprising functionality to:
    - create a general split horizon zone for non-malicious clients;
      
      alter the general split horizon zone to further limit malicious client access.
  - 14. The computer readable medium of claim 12, further comprising instructions comprising functionality to:
    - update the split horizon zones dynamically.
  - 15. The computer readable medium of claim 12, wherein designating the malicious client is handled by an Intrusion Detection System (IDS).
  - 16. The computer readable medium of claim 12, wherein assigning the client address comprises assigning a unique IP address of the malicious client to the fictitious zone.
  - 17. The computer readable medium of claim 12, wherein assigning the client address comprises assigning an entire sub-network of the malicious client to the fictitious zone.
  - 18. The computer readable medium of claim 12, wherein the malicious client is sent to the fictitious addresses by rewriting portions of a response sent to the malicious client.
  - 19. The computer readable medium of claim 12, wherein the fictitious address is a non-routable address.
  - 20. The computer readable medium of claim 12, wherein the fictitious address is the address of the malicious client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
St. Pierre, Robert Paul

Granted Patent

US 7,987,255 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/239
CPC Class Codes

H04L 63/1458 Denial of Service

H04L 63/1491 using deception as counterm...

DISTRIBUTED DENIAL OF SERVICE CONGESTION RECOVERY USING SPLIT HORIZON DNS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

DISTRIBUTED DENIAL OF SERVICE CONGESTION RECOVERY USING SPLIT HORIZON DNS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others