System and method for protecting internet protocol addresses

US 7,039,721 B1
Filed: 07/11/2001
Issued: 05/02/2006
Est. Priority Date: 01/26/2001
Status: Active Grant

First Claim

Patent Images

1. A method for protecting a host located within a computer network, the method comprising:

mapping a public host address for a public host to a secret host address for a secret host containing data accessible over the computer network, said public host address being available from a domain name system server;

receiving a request for communication with the secret host at the public host;

forwarding said request from the public host to the secret host; and

processing said request at the secret host and communicating from the secret host over the network, wherein said communication appears to be sent from the public host;

wherein forwarding said request comprises;

determining whether an attack is consuming significant resources, if it is determined that an attack is not consuming significant resources, slowing down the forwarding of said request short of stopping the same, and if it is determined that an attack is consuming significant resources, stopping the forwarding of said request;

wherein, after stopping the forwarding of said request, said secret host notifies select clients of an address of an alternate Post Office Box Internet Protocol (POBIP) node, and attempts to track down a source of the attack, where, after the attack has stopped, the address of the alternate Post Office Box Internet Protocol (POBIP) node is replaced with the public host address;

wherein a notification that the public host is under attack is received at the secret host;

wherein a notification that the public host is congested is received at the secret host.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for protecting a host located within a computer network. The method includes mapping a public host address for a public host to a secret host address for a secret host containing data accessible over the computer network. The public host address is available from a domain name system server. The method further includes receiving a request for communication with the secret host at the public host and forwarding the request from the public host to the secret host. The request is processed at the secret host which communicates over the network and the communication appears to be sent from the public host.

Citations

12 Claims

1. A method for protecting a host located within a computer network, the method comprising:
- mapping a public host address for a public host to a secret host address for a secret host containing data accessible over the computer network, said public host address being available from a domain name system server;
  
  receiving a request for communication with the secret host at the public host;
  
  forwarding said request from the public host to the secret host; and
  
  processing said request at the secret host and communicating from the secret host over the network, wherein said communication appears to be sent from the public host;
  
  wherein forwarding said request comprises;
  
  determining whether an attack is consuming significant resources, if it is determined that an attack is not consuming significant resources, slowing down the forwarding of said request short of stopping the same, and if it is determined that an attack is consuming significant resources, stopping the forwarding of said request;
  
  wherein, after stopping the forwarding of said request, said secret host notifies select clients of an address of an alternate Post Office Box Internet Protocol (POBIP) node, and attempts to track down a source of the attack, where, after the attack has stopped, the address of the alternate Post Office Box Internet Protocol (POBIP) node is replaced with the public host address;
  
  wherein a notification that the public host is under attack is received at the secret host;
  
  wherein a notification that the public host is congested is received at the secret host.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein the network is the Internet and the secret host is a server.
  - 3. The method of claim 2 wherein the server hosts a Web site.
  - 4. The method of claim 1 wherein receiving a request comprises receiving a URL at the domain name system server, the domain name system server providing an IP address of the public host corresponding to the URL.
  - 5. The method of claim 1 wherein tracking down the source of the attack comprises performing a trace back at the secret host.

6. A computer program product for protecting a host located within a computer network, comprising:
- computer code that maps a public host address for a public host to a secret host address for a secret host containing data accessible over the computer network, said public host address being available from a domain name system server;
  
  computer code that receives a request for communication with the secret host at the public host;
  
  computer code that forwards said request from the public host to the secret host;
  
  computer code that processes said request at the secret host and communicates from the secret host over the network, wherein said communication appears to be sent from the public host; and
  
  a computer-readable storage medium for storing the codes;
  
  wherein forwarding said request comprises;
  
  determining whether an attack is consuming significant resources, if it is determined that an attack is not consuming significant resources, slowing down the forwarding of said request short of stopping the same, and if it is determined that an attack is consuming significant resources, stopping the forwarding of said request;
  
  wherein, after stopping the forwarding of said request, said secret host notifies select clients of an address of an alternate Post Office Box Internet Protocol (POBIP) node, and attempts to track down a source of the attack, where, after the attack has stopped, the address of the alternate Post Office Box Internet Protocol (POBIP) node is replaced with the public host address;
  
  wherein a notification that the public host is under attack is received at the secret host;
  
  wherein a notification that the public host is congested is received at the secret host.
- View Dependent Claims (7)
- - 7. The computer program product of claim 6 wherein the computer readable medium is selected from the group consisting of CD-ROM, floppy disk, tape, flash memory, system memory, hard drive, and data signal embodied in a carrier wave.

8. A system for protecting a host located within a computer network, the system comprising:
- a public host having a public host address available from a DNS server; and
  
  a secret host having a secret host address and containing data accessible over the computer network, said public host address being mapped to said secret host address;
  
  wherein the public host is operable to forward requests received from the network to the secret host and the secret host is operable to process said requests and communicate from the secret host to the network with said communication appearing to be sent from the public host;
  
  wherein forwarding said requests comprises;
  
  determining whether an attack is consuming significant resources, if it is determined that an attack is not consuming significant resources, slowing down the forwarding of said requests short of stopping the same, and if it is determined that an attack is consuming significant resources, stopping the forwarding of said requests;
  
  wherein after stopping the forwarding of said request, said secret host notifies select clients of an address of an alternate Post Office Box Internet Protocol (POBIP) node, and attempts to track down a source of the attack, where, after the attack has stopped the address of the alternate Post Office Box Internet Protocol (POBIP) node is replaced with the public host address;
  
  wherein a notification that the public host is under attack is received at the secret host;
  
  wherein a notification that the public host is congested is received at the secret host.
- View Dependent Claims (9)
- - 9. The system of claim 8 wherein the secret host is configured to manage the public host.

10. A method for hiding an IP address of a computer node located within a computer network, the method comprising:
- associating an IP address for a public node with an IP address of a secret node such that only the public node has access to the IP address of the secret node, said IP address for the public node being available from a DNS server;
  
  receiving packets from the network at the public node;
  
  forwarding said packets from the public node to the secret node; and
  
  responding to said packets at the secret node such that a response appears to be sent from the public node rather than the secret node;
  
  wherein the method further comprises;
  
  determining whether an attack is consuming significant resources;
  
  if it is determined that an attack is not consuming significant resources, slowing down the forwarding of said packets short of stopping the same;
  
  if it is determined that an attack is consuming significant resources, stopping the forwarding of said packets;
  
  wherein, after stopping the forwarding of said packets, said secret node requests that the DNS server replace the IP address for the public node with an IP address of an alternate Post Office Box Internet Protocol (POBIP) node, and attempts to track down a source of the attack, where, after the attack has stopped, the IP address of the alternate Post Office Box Internet Protocol (POBIP) node is replaced with the IP address for the public node;
  
  wherein a notification that the public node is under attack is received at the secret host;
  
  wherein a notification that the public node is congested is received at the secret host.
- View Dependent Claims (11, 12)
- - 11. The method of claim 10 wherein the packets contain requests for data and the secret node is a server hosting a Web site.
  - 12. The method of claim 10 wherein the packets contain e-mail.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Wu, Handong, Cook, Jeff
Primary Examiner(s)
Vaughn, Jr., William C.
Assistant Examiner(s)
JEAN GILLES, JUDE

Application Number

US09/904,310
Time in Patent Office

1,756 Days
Field of Search

709227-229, 709232-235, 709/245, 709/223, 709/250, 709/201, 713200-202, 713/160, 713/168, 370/401, 370/229, 370/217, 370/225, 370/2, 370/4, 710/20, 710/36, 710/38, 710/58, 712/28, 712/201
US Class Current

709/245
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 61/2525   Translation at a client

H04L 61/2539   Hiding addresses; Keeping a...

H04L 63/0407   wherein the identity of one...

H04L 63/1458   Denial of Service

System and method for protecting internet protocol addresses

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for protecting internet protocol addresses

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links