ACTIVE VALIDATION FOR DDOS AND SSL DDOS ATTACKS
1 Assignment
0 Petitions
Abstract
Methods and systems for detecting and responding to Denial of Service (“DoS”) attacks comprise: detecting a DoS attack or potential DoS attack against a first server system comprising one or more servers; receiving, at a second server system comprising one or more servers, network traffic directed to the first server system; subjecting requesting clients to one or more challenge mechanisms, the challenge mechanisms including one or more of challenging requesting clients to follow through HTTP redirect responses, challenging requesting clients to request Secure Sockets Layer (SSL) session resumption, or challenging requesting clients to store and transmit HTTP cookies; identifying one or more non-suspect clients, the one or more non-suspect clients corresponding to requesting clients that successfully complete the one or more challenge mechanisms; identifying one or more suspect clients, the one or more suspect clients corresponding to requesting clients that do not successfully complete the one or more challenge mechanisms; and forwarding, by the second server system, traffic corresponding to the one or more non-suspect clients to the first server system. Once a client has been validated, clients may communicate directly with application servers in a secure manner by transparently passing through one or more intermediary proxy servers.
377 Citations
90 Claims
1. A computer-implemented method of mitigating against a denial of service (DoS) attack, comprising:
detecting a DoS attack or potential DoS attack against a first server system comprising one or more servers; receiving, at a second server system comprising one or more servers, network traffic directed to the first server system; subjecting requesting clients to one or more challenge mechanisms, the challenge mechanisms including one or more of challenging requesting clients to follow through HTTP redirect responses, challenging requesting clients to request Secure Sockets Layer (SSL) session resumption, or challenging requesting clients to store and transmit HTTP cookies; identifying one or more non-suspect clients, the one or more non-suspect clients corresponding to requesting clients that successfully complete the one or more challenge mechanisms; identifying one or more suspect clients, the one or more suspect clients corresponding to requesting clients that do not successfully complete the one or more challenge mechanisms; and forwarding, by the second server system, traffic corresponding to the one or more non-suspect clients to the first server system.
Dependent claims: 2-30.
31. A computer-implemented method of mitigating against a Secure Sockets Layer (SSL) denial of service (DoS) attack, comprising:
detecting an SSL DoS attack or potential SSL DoS attack against a first server system comprising one or more servers; receiving, at a second server system comprising one or more servers, network traffic directed to the first server system, wherein the first server system and the second server system are owned by different entities, and the second server system uses one or more encryption keys belonging to an owner of the first server system to decrypt secure network traffic directed to the first server system; subjecting requesting clients to one or more challenge mechanisms; identifying one or more non-suspect clients, the one or more non-suspect clients corresponding to requesting clients that successfully complete the one or more challenge mechanisms; identifying one or more suspect clients, the one or more suspect clients corresponding to requesting clients that do not successfully complete the one or more challenge mechanisms; and forwarding, by the second server system, traffic corresponding to the one or more non-suspect clients to the first server system.
Dependent claims: 32-36.
37. A computer-implemented method of mitigating against a denial of service (DoS) attack, comprising:
receiving a first HTTP request from a client; sending an HTTP redirect response to the client; if the client transmits a second HTTP request according to the HTTP redirect response, categorizing the client as non-suspect; and if the client does not transmit a second HTTP request according to the HTTP redirect response, categorizing the client as suspect.
Dependent claims: 38-39.
40. A computer-implemented method of mitigating against a Secure Sockets Layer (SSL) denial of service (DoS) attack, comprising:
receiving a request for an SSL session from a client; establishing an SSL session and a first SSL connection with the client, wherein the SSL session includes an SSL session ID particularly associated with the client; closing the first SSL connection with the client; receiving a subsequent request from the client to establish a second SSL connection; categorizing the client as non-suspect if the client requests the second SSL connection using the SSL session ID particularly associated with the client; and categorizing the client as suspect if the client requests the second SSL connection without using the SSL session ID particularly associated with the client.
Dependent claims: 41-42.
43. A computer-implemented method of mitigating against a denial of service (DoS) attack, comprising:
receiving a first HTTP request from a client; sending an HTTP response to the client, wherein the HTTP response includes an HTTP cookie; receiving a second HTTP request from the client; if the second HTTP request includes the HTTP cookie, categorizing the client as non-suspect; and if the second HTTP request does not include the HTTP cookie, categorizing the client as suspect.
Dependent claims: 44-45.
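The redirect challenge of claim 37 and the cookie challenge of claim 43, combined into one round trip, as an added illustration that is not the patent holder's code. Assumptions not in the claims: clients are keyed by source IP, and the cookie value is an HMAC over the client and a per-challenge nonce so that a forged or replayed cookie fails validation.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Dict

# Constructed example (not the patent holder's code) of the HTTP redirect and
# HTTP cookie challenges of claims 37 and 43. Assumed details: clients are keyed
# by source IP and the cookie is an HMAC over (client, nonce) under a proxy secret.

@dataclass
class Request:
    client_ip: str
    path: str
    cookies: Dict[str, str] = field(default_factory=dict)

@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)

class ChallengeProxy:
    COOKIE = "av_token"  # challenge cookie name (constructed)
    def __init__(self, secret: bytes):
        self.secret = secret
        self.pending: Dict[str, str] = {}   # client -> nonce of an outstanding challenge
        self.verdict: Dict[str, str] = {}   # client -> "suspect" | "non-suspect"
    def _token(self, client: str, nonce: str) -> str:
        mac = hmac.new(self.secret, f"{client}|{nonce}".encode(), hashlib.sha256)
        return f"{nonce}.{mac.hexdigest()}"
    def handle(self, req: Request) -> Response:
        ip = req.client_ip
        if self.verdict.get(ip) == "non-suspect":
            return Response(200, {"X-Forwarded": "first-server-system"})  # pass through
        nonce = self.pending.get(ip)
        if nonce is None:
            # First request: redirect the client and set the challenge cookie.
            nonce = secrets.token_hex(8)
            self.pending[ip] = nonce
            return Response(302, {"Location": f"/__av/{nonce}",
                                  "Set-Cookie": f"{self.COOKIE}={self._token(ip, nonce)}"})
        # Second request: the client must have followed the redirect (claim 37)
        # and must present the cookie it was given (claim 43); otherwise it is suspect.
        followed = req.path == f"/__av/{nonce}"
        returned = hmac.compare_digest(req.cookies.get(self.COOKIE, ""), self._token(ip, nonce))
        del self.pending[ip]
        ok = followed and returned
        self.verdict[ip] = "non-suspect" if ok else "suspect"
        return Response(200, {"X-Forwarded": "first-server-system"}) if ok else Response(403)
```

In a real deployment the pending and verdict tables need expiry, and keying on source IP misclassifies clients behind shared NAT, so a per-client identifier carried in the cookie itself is preferable.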
46. A system for mitigating against a denial of service (DoS) attack, comprising:
a processing system comprising one or more processors; one or more communications ports for receiving communications from one or more networked devices and transmitting communications to one or more networked devices; and a memory system comprising one or more computer-readable media, wherein the computer-readable media store instructions that, when executed by the processing system, cause the system to perform the operations of: detecting a DoS attack or potential DoS attack against a first server system comprising one or more servers; receiving, at a second server system comprising one or more servers, network traffic directed to the first server system; subjecting requesting clients to one or more challenge mechanisms, the challenge mechanisms including one or more of challenging requesting clients to follow through HTTP redirect responses, challenging requesting clients to request Secure Sockets Layer (SSL) session resumption, or challenging requesting clients to store and transmit HTTP cookies; identifying one or more non-suspect clients, the one or more non-suspect clients corresponding to requesting clients that successfully complete the one or more challenge mechanisms; identifying one or more suspect clients, the one or more suspect clients corresponding to requesting clients that do not successfully complete the one or more challenge mechanisms; and forwarding, by the second server system, traffic corresponding to the one or more non-suspect clients to the first server system.
Dependent claims: 47-75.
76. A system for mitigating against a Secure Sockets Layer (SSL) denial of service (DoS) attack, comprising:
a processing system comprising one or more processors; one or more communications ports for receiving communications from one or more networked devices and transmitting communications to one or more networked devices; and a memory system comprising one or more computer-readable media, wherein the computer-readable media store instructions that, when executed by the processing system, cause the system to perform the operations of: detecting an SSL DoS attack or potential SSL DoS attack against a first server system comprising one or more servers; receiving, at a second server system comprising one or more servers, network traffic directed to the first server system, wherein the first server system and the second server system are owned by different entities, and the second server system uses one or more encryption keys belonging to an owner of the first server system to decrypt secure network traffic directed to the first server system; subjecting requesting clients to one or more challenge mechanisms; identifying one or more non-suspect clients, the one or more non-suspect clients corresponding to requesting clients that successfully complete the one or more challenge mechanisms; identifying one or more suspect clients, the one or more suspect clients corresponding to requesting clients that do not successfully complete the one or more challenge mechanisms; and forwarding, by the second server system, traffic corresponding to the one or more non-suspect clients to the first server system.
Dependent claims: 77-81.
82. A system for mitigating against a denial of service (DoS) attack, comprising:
a processing system comprising one or more processors; one or more communications ports for receiving communications from one or more networked devices and transmitting communications to one or more networked devices; and a memory system comprising one or more computer-readable media, wherein the computer-readable media store instructions that, when executed by the processing system, cause the system to perform the operations of: receiving a first HTTP request from a client; sending an HTTP redirect response to the client; if the client transmits a second HTTP request according to the HTTP redirect response, categorizing the client as non-suspect; and if the client does not transmit a second HTTP request according to the HTTP redirect response, categorizing the client as suspect.
Dependent claims: 83-84.
85. A system for mitigating against a Secure Sockets Layer (SSL) denial of service (DoS) attack, comprising:
a processing system comprising one or more processors; one or more communications ports for receiving communications from one or more networked devices and transmitting communications to one or more networked devices; and a memory system comprising one or more computer-readable media, wherein the computer-readable media store instructions that, when executed by the processing system, cause the system to perform the operations of: receiving a request for an SSL session from a client; establishing an SSL session and a first SSL connection with the client, wherein the SSL session includes an SSL session ID particularly associated with the client; closing the first SSL connection with the client; receiving a subsequent request from the client to establish a second SSL connection; categorizing the client as non-suspect if the client requests the second SSL connection using the SSL session ID particularly associated with the client; and categorizing the client as suspect if the client requests the second SSL connection without using the SSL session ID particularly associated with the client.
Dependent claims: 86-87.
88. A system for mitigating against a denial of service (DoS) attack, comprising:
a processing system comprising one or more processors; one or more communications ports for receiving communications from one or more networked devices and transmitting communications to one or more networked devices; and a memory system comprising one or more computer-readable media, wherein the computer-readable media store instructions that, when executed by the processing system, cause the system to perform the operations of: receiving a first HTTP request from a client; sending an HTTP response to the client, wherein the HTTP response includes an HTTP cookie; receiving a second HTTP request from the client; if the second HTTP request includes the HTTP cookie, categorizing the client as non-suspect; and if the second HTTP request does not include the HTTP cookie, categorizing the client as suspect.
Dependent claims: 89-90.
Specification