SWITCHING NETWORK EMPLOYING A USER CHALLENGE MECHANISM TO COUNTER DENIAL OF SERVICE ATTACKS
Abstract
A communication infrastructure includes an intermediate routing node that routes a plurality of packets between a source device and a plurality of destination devices, a plurality of templates stored on the intermediate routing node, and a service function. The intermediate routing node (e.g., a switch, router, access point, bridge, or gateway) identifies packets containing requests for a webpage that constitute a service attack attempt by comparing each packet with the plurality of templates. The intermediate routing node then denies the service attack by interacting with the server and client devices. That is, the intermediate routing node sends messages with a challenge mechanism to the server and, based on the response or otherwise, sends messages and anti-service-attack downloads to the client devices and receives a response.
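The detection flow in the abstract (template match, frequency compared against prior traffic, then a challenge), written as an added example that is not taken from the patent. The `ChallengeGate` class, the two regex templates, the baseline, the multiplier and the window are all assumptions chosen for illustration, and the sample packets are constructed.

```python
import re
from collections import defaultdict, deque

# Assumption: the primary template is a coarse match (any HTTP GET) and the
# secondary template narrows it to a webpage request; both must match.
PRIMARY = re.compile(rb"^GET \S+ HTTP/1\.[01]\r\n")
SECONDARY = re.compile(rb"^GET /\S*\.html? ")

class ChallengeGate:
    """Hypothetical per-source detector for an intermediate routing node."""

    def __init__(self, baseline, factor=5.0, window=10.0):
        # baseline: matching requests per source per window, standing in for
        # the "prior traffic data" (constructed value in the sample below).
        self.limit = baseline * factor
        self.window = window
        self.hits = defaultdict(deque)   # src -> timestamps of template matches
        self.pending = set()             # sources with an unanswered challenge

    def observe(self, src, payload, now):
        """Return 'forward' or 'challenge' for one packet payload."""
        if src in self.pending:
            return "challenge"           # keep challenging until answered
        if not (PRIMARY.match(payload) and SECONDARY.match(payload)):
            return "forward"             # traffic outside the templates
        q = self.hits[src]
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()                  # drop matches older than the window
        if len(q) > self.limit:          # unusually high match frequency
            self.pending.add(src)
            return "challenge"
        return "forward"

    def challenge_passed(self, src):
        """Clear state once the device answers the challenge correctly."""
        self.pending.discard(src)
        self.hits.pop(src, None)

def replay(gate, packets):
    """Run (time, src, payload) tuples through the gate; return decisions."""
    return [gate.observe(src, data, t) for t, src, data in packets]

# Constructed sample traffic: one source flooding, one browsing normally.
REQ = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE = [(i * 0.1, "10.0.0.9", REQ) for i in range(12)] + [(1.5, "10.0.0.2", REQ)]

if __name__ == "__main__":
    print(replay(ChallengeGate(baseline=2), SAMPLE))
```

Keying the counter per source keeps one noisy client from triggering challenges for everyone behind the same node; a deployment facing spoofed or distributed sources would also need an aggregate counter.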
18 Claims
1. An apparatus comprising:
- storage to contain a plurality of templates and data pertaining to prior traffic on a network, the plurality of templates including at least a primary template and a secondary template; and
- a processing circuitry coupled to the storage to compare packet traffic on the network with the plurality of templates and the prior traffic data, to identify a possibility of a service attack based on an unusually high frequency of packet traffic on the network that match the plurality of templates and to trigger a service function by causing a challenge to be sent to a respective device coupled to the network.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method comprising:
- comparing packet traffic on a network with a plurality of templates and data pertaining to prior traffic on the network, the plurality of templates including at least a primary template and a secondary template;
- identifying a possibility of a service attack based on an unusually high frequency of packet traffic on the network that match the plurality of templates; and
- triggering a service function by causing a challenge to be sent to a respective device coupled to the network.

Dependent claims: 12, 13, 14, 15, 16, 17, 18
Specification