METHOD AND APPARATUS FOR MITIGATING DISTRIBUTED DENIAL OF SERVICE ATTACKS
First Claim
1. A method comprising:
- assigning a set of temporary network addresses to a hostname for a finite period and assigning one or more other sets of temporary network addresses to the hostname in one or more following finite periods;
responding to a hostname lookup request based on the set of temporary network addresses, the one or more other sets of temporary network addresses, or a combination thereof that are active;
responding to a network address lookup request based on at least one of the set of temporary network addresses and the one or more other sets of temporary network addresses that is associated with a current one of the finite period or the one or more following finite periods; and
retiring the set of temporary network addresses, the one or more sets of temporary network addresses, or a combination thereof after a configurable number of finite periods,wherein no further network address or hostname lookup request is served based on the retired set of temporary network addresses, the retired one or more sets of temporary network addresses, or a combination thereof.
1 Assignment
0 Petitions
Accused Products
Abstract
An approach for mitigating distributed denial of service (DDoS) attacks includes assigning a set of temporary network addresses to a hostname for a finite period and assigning one or more other sets of temporary network addresses to the hostname in one or more following finite periods, responding to a hostname lookup request based on the set of temporary network addresses, the one or more other sets of temporary network addresses, or a combination thereof that are active, responding to a network address lookup request based on at least one of the set of temporary network addresses and the one or more other sets of temporary network addresses that is associated with a current one of the finite period or the one or more following finite periods, and retiring the set of temporary network addresses, the one or more sets of temporary network addresses, or a combination thereof after a configurable number of finite periods, wherein no further network address or hostname lookup request is served based on the retired set of temporary network addresses, the retired one or more sets of temporary network addresses, or a combination thereof.
-
Citations
20 Claims
-
1. A method comprising:
-
assigning a set of temporary network addresses to a hostname for a finite period and assigning one or more other sets of temporary network addresses to the hostname in one or more following finite periods; responding to a hostname lookup request based on the set of temporary network addresses, the one or more other sets of temporary network addresses, or a combination thereof that are active; responding to a network address lookup request based on at least one of the set of temporary network addresses and the one or more other sets of temporary network addresses that is associated with a current one of the finite period or the one or more following finite periods; and retiring the set of temporary network addresses, the one or more sets of temporary network addresses, or a combination thereof after a configurable number of finite periods, wherein no further network address or hostname lookup request is served based on the retired set of temporary network addresses, the retired one or more sets of temporary network addresses, or a combination thereof. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An apparatus configured to:
-
assign a set of temporary network addresses to a hostname for a current finite period and assign one or more other sets of temporary network addresses in one or more following finite periods; respond to a hostname lookup request in the current finite period based on the assigned set of temporary network addresses and one or more previously assigned sets of temporary network addresses; respond to a network address lookup request in the current finite period based on the assigned set of temporary network addresses; and retire the assigned set of temporary network addresses after a configurable number of finite periods. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A system comprising:
a mitigation platform configured to assign a set of temporary network addresses to a hostname for a current finite period and assign one or more other sets of temporary network addresses in one or more following finite periods, respond to a hostname lookup request in the current finite period based on the assigned set of temporary network addresses and one or more previously assigned sets of temporary network addresses, respond to a network address lookup request in the current finite period based on the assigned set of temporary network addresses, and retire the assigned set of temporary network addresses after a configurable number of finite periods. - View Dependent Claims (18, 19, 20)
Specification