SYSTEMS AND METHODS FOR MITIGATING AND/OR PREVENTING DISTRIBUTED DENIAL-OF-SERVICE ATTACKS

US 20180013786A1
Filed: 07/17/2017
Published: 01/11/2018
Est. Priority Date: 05/05/2016
Status: Active Grant

First Claim

Patent Images

1. A gateway for mitigating and/or preventing distributed denial-of-service (DDOS) attack, the gateway comprising:

one or more processors configured to;

obtain network data from one or more entities associated with the gateway;

provide the network data to a server;

obtain a set of entity identifiers from the server, wherein the set of entity identifiers is generated based on at least the network data; and

filter communications based on the set of entity identifiers.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described that mitigates and/or prevents distributed denial-of-service (DDOS) attacks. In one implementation, a gateway include one or more processors configured to obtain network data from one or more entities associated with the gateway, provide the network data to a server, and obtain a set of entity identifiers from the server. The set of entity identifiers may be generated based on at least the network data. The one or more processors may be further configured to filter communications based on the set of entity identifiers.

32 Citations

View as Search Results

27 Claims

1. A gateway for mitigating and/or preventing distributed denial-of-service (DDOS) attack, the gateway comprising:
- one or more processors configured to;
  
  obtain network data from one or more entities associated with the gateway;
  
  provide the network data to a server;
  
  obtain a set of entity identifiers from the server, wherein the set of entity identifiers is generated based on at least the network data; and
  
  filter communications based on the set of entity identifiers.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The gateway of claim 1, wherein the one or more processors are further configured to:
    - obtain a server signature from the server, wherein the server signature is generated based on at least a first portion of the set of entity identifiers; and
      
      verify the server signature prior to the filtering of the communications based on the set of entity identifiers.
  - 3. The gateway of claim 1, wherein the one or more processors are further configured to:
    - obtain a server signature from the server, wherein the server signature is generated based on at least a first portion of the set of entity identifiers;
      
      provide the server signature to a second server;
      
      obtain a second server signature from the second server, wherein the second server signature is generated based on at least a second portion of the set of entity identifiers and provided to the gateway after the second server verifies the server signature; and
      
      verify the second server signature prior to the filtering of the communications based on the set of entity identifiers.
  - 4. The gateway of claim 1, wherein the one or more processors are further configured to provide a gateway signature to the server, wherein the gateway signature is generated based on at least a first portion of the network data, and wherein the set of entity identifiers is generated after the server verifies the gateway signature.
  - 5. The gateway of claim 1, wherein:
    - the one or more processors are further configured to provide a gateway signature to the server,the gateway signature is generated based on at least a first portion of the network data,the server provides the gateway signature to a second server,the second server verifies the gateway signature,the second server obtains a second server signature,the second server provides the second server signature to the server, andthe set of entity identifiers is generated after the server verifies the second server signature.
  - 6. The gateway of claim 1, wherein the set of entity identifiers includes one or more identifiers associated with entities that are determined by the server as being targets or potential targets of a DDOS attack, and wherein the filtering of the communications include rejecting communications destined for the entities that are determined by the server as being targets or potential targets of the DDOS attack.
  - 7. The gateway of claim 1, wherein the set of entity identifiers includes one or more identifiers associated with entities that are determined by the server as being trusted entities, and wherein the filtering of the communications include rejecting communications that are destined for entities other than the entities that are determined by the server as being trusted entities.

8-10. -10. (canceled)

11. A method for mitigating and/or preventing distributed denial-of-service (DDOS) attacks, the method comprising:
- obtaining network data from one or more entities associated with a gateway;
  
  providing the network data to a server;
  
  obtaining a set of entity identifiers from the server, wherein the set of entity identifiers is generated based on at least the network data; and
  
  filtering communications based on the set of entity identifiers.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11, further comprising:
    - obtain a server signature from the server, wherein the server signature is generated based on at least a first portion of the set of entity identifiers; and
      
      verify the server signature prior to the filtering of the communications based on the set of entity identifiers.
  - 13. The method of claim 11, further comprising:
    - obtain a server signature from the server, wherein the server signature is generated based on at least a first portion of the set of entity identifiers;
      
      provide the server signature to a second server;
      
      obtain a second server signature from the second server, wherein the second server signature is generated based on at least a second portion of the set of entity identifiers and provided to the gateway after the second server verifies the server signature; and
      
      verify the second server signature prior to the filtering of the communications based on the set of entity identifiers.
  - 14. The method of claim 11, further comprising:
    - providing a gateway signature to the server, wherein the gateway signature is generated based on at least a first portion of the network data, and wherein the set of entity identifiers is generated after the server verifies the gateway signature.
  - 15. The method of claim 11, further comprising providing a gateway signature to the server, and wherein:
    - the gateway signature is generated based on at least a first portion of the network data,the server provides the gateway signature to a second server,the second server verifies the gateway signature,the second server obtains a second server signature,the second server provides the second server signature to the server, andthe set of entity identifiers is generated after the server verifies the second server signature.
  - 16. The method of claim 11, wherein the set of entity identifiers includes one or more identifiers associated with entities that are determined by the server as being targets or potential targets of a DDOS attack, and wherein the filtering of the communications include rejecting communications destined for the entities that are determined by the server as being targets or potential targets of the DDOS attack.
  - 17. The method of claim 11, wherein the set of entity identifiers includes one or more identifiers associated with entities that are determined by the server as being trusted entities, and wherein the filtering of the communications include rejecting communications that are destined for entities other than the entities that are determined by the server as being trusted entities.

18-20. -20. (canceled)

21. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for mitigating and/or preventing distributed denial-of-service (DDOS) attacks, the method comprising:
- obtaining network data from one or more entities associated with a gateway;
  
  providing the network data to a server;
  
  obtaining a set of entity identifiers from the server, wherein the set of entity identifiers is generated based on at least the network data; and
  
  filtering communications based on the set of entity identifiers.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The method of claim 21, further comprising:
    - obtain a server signature from the server, wherein the server signature is generated based on at least a first portion of the set of entity identifiers; and
      
      verify the server signature prior to the filtering of the communications based on the set of entity identifiers.
  - 23. The method of claim 21, further comprising:
    - obtain a server signature from the server, wherein the server signature is generated based on at least a first portion of the set of entity identifiers;
      
      provide the server signature to a second server;
      
      obtain a second server signature from the second server, wherein the second server signature is generated based on at least a second portion of the set of entity identifiers and provided to the gateway after the second server verifies the server signature; and
      
      verify the second server signature prior to the filtering of the communications based on the set of entity identifiers.
  - 24. The method of claim 21, further comprising:
    - providing a gateway signature to the server, wherein the gateway signature is generated based on at least a first portion of the network data, and wherein the set of entity identifiers is generated after the server verifies the gateway signature.
  - 25. The method of claim 21, further comprising providing a gateway signature to the server, and wherein:
    - the gateway signature is generated based on at least a first portion of the network data,the server provides the gateway signature to a second server,the second server verifies the gateway signature,the second server obtains a second server signature,the second server provides the second server signature to the server, andthe set of entity identifiers is generated after the server verifies the second server signature.
  - 26. The method of claim 21, wherein the set of entity identifiers includes one or more identifiers associated with entities that are determined by the server as being targets or potential targets of a DDOS attack, and wherein the filtering of the communications include rejecting communications destined for the entities that are determined by the server as being targets or potential targets of the DDOS attack.

27-30. -30. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Neustar Incorporated
Original Assignee
Neustar Incorporated
Inventors
Knopf, Brian R.

Granted Patent

US 11,277,439 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/141   Denial of service attacks a...

H04L 63/0209   Architectural arrangements,...

H04L 63/0236   Filtering by address, proto...

H04L 63/1458   Denial of Service

H04L 9/088   Usage controlling of secret...

H04L 9/0891   Revocation or update of sec...

H04L 9/14   using a plurality of keys o...

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

SYSTEMS AND METHODS FOR MITIGATING AND/OR PREVENTING DISTRIBUTED DENIAL-OF-SERVICE ATTACKS

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR MITIGATING AND/OR PREVENTING DISTRIBUTED DENIAL-OF-SERVICE ATTACKS

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links