SWITCHING NETWORK EMPLOYING A USER CHALLENGE MECHANISM TO COUNTER DENIAL OF SERVICE ATTACKS

US 20100269177A1
Filed: 06/28/2010
Published: 10/21/2010
Est. Priority Date: 05/05/2006
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

storage to contain a plurality of templates and data pertaining to prior traffic on a network, the plurality of templates including at least a primary template and a secondary template; and

a processing circuitry coupled to the storage to compare packet traffic on the network with the plurality of templates and the prior traffic data, to identify a possibility of a service attack based on an unusually high frequency of packet traffic on the network that match the plurality templates and to trigger a service function by causing a challenge to be sent to a respective device coupled to the network.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication infrastructure includes an intermediate routing node that routes a plurality of packets between a source device and a plurality of destination devices, a plurality of templates stored on the intermediate routing node and a service function. The intermediate routing node, e.g., a switch, router, access point, bridge, or gateway, identifies packets containing requests for a webpage, the requests being a service attack attempt by comparing the packet with the plurality of templates. Then, the intermediate routing node denies service attack by interacting with the server and client devices. That is, the intermediate routing node sends messages with challenge mechanism to the server, based on the response or otherwise, sends messages and anti-service attack downloads to the client devices and receives response.

13 Citations

View as Search Results

18 Claims

1. An apparatus comprising:
- storage to contain a plurality of templates and data pertaining to prior traffic on a network, the plurality of templates including at least a primary template and a secondary template; and
  
  a processing circuitry coupled to the storage to compare packet traffic on the network with the plurality of templates and the prior traffic data, to identify a possibility of a service attack based on an unusually high frequency of packet traffic on the network that match the plurality templates and to trigger a service function by causing a challenge to be sent to a respective device coupled to the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The apparatus of claim 1, wherein the storage contains an enhanced version of one or more of the templates.
  - 3. The apparatus of claim 2, wherein the processing circuitry utilizes the enhanced version of one or more of the templates to perform comparison with the packet traffic.
  - 4. The apparatus of claim 1, wherein the storage contains a recent version of one or more of the templates.
  - 5. The apparatus of claim 4, wherein the processing circuitry utilizes the recent version of one or more of the templates to perform comparison with the packet traffic.
  - 6. The apparatus of claim 1, wherein the processing circuitry identifies the possibility of the service attack based on date and time associated with the packet traffic.
  - 7. The apparatus of claim 1, wherein the processing circuitry identifies the possibility of the service attack based on a statistical analysis.
  - 8. The apparatus of claim 1, wherein the processing circuitry uses the primary template to target a network address and the secondary template to target a web page request.
  - 9. The apparatus of claim 1, wherein the processing circuitry functions to address denial of service attack, when the processing circuitry identifies a service attack.
  - 10. The apparatus of claim 1, wherein the challenge to be sent is a human challenge.

11. A method comprising:
- comparing packet traffic on a network with a plurality of templates and data pertaining to prior traffic on the network, the plurality of templates including at least a primary template and a secondary template;
  
  identifying a possibility of a service attack based on an unusually high frequency of packet traffic on the network that match the plurality templates; and
  
  triggering a service function by causing a challenge to be sent to a respective device coupled to the network.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, wherein comparing the packet traffic with a plurality of templates and data pertaining to prior traffic compares the packet traffic with an enhanced version of one or more of the templates.
  - 13. The method of claim 11, wherein comparing the packet traffic with a plurality of templates and data pertaining to prior traffic compares the packet traffic with a recent version of one or more of the templates.
  - 14. The method of claim 11, wherein identifying the possibility of a service attack includes identifying based on date and time associated with the packet traffic.
  - 15. The method of claim 11, wherein identifying the possibility of a service attack includes identifying based on a statistical analysis.
  - 16. The method of claim 11, wherein the primary template to target a network address and the secondary template to target a web page request.
  - 17. The method of claim 11, further including performing a denial of service attack, when a service attack is identified.
  - 18. The method of claim 11, wherein triggering a service function challenge includes causing a human challenge to be sent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Bennett, James D.

Granted Patent

US 8,259,727 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/08   for authentication of entit...

H04L 63/1458   Denial of Service

H04L 63/20   for managing network securi...

SWITCHING NETWORK EMPLOYING A USER CHALLENGE MECHANISM TO COUNTER DENIAL OF SERVICE ATTACKS

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

SWITCHING NETWORK EMPLOYING A USER CHALLENGE MECHANISM TO COUNTER DENIAL OF SERVICE ATTACKS

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links