Prevention of bandwidth congestion in a denial of service or other internet-based attack

US 7,301,899 B2
Filed: 01/31/2001
Issued: 11/27/2007
Est. Priority Date: 01/31/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method for preventing bandwidth congestion on a network, said method comprising:

providing a destination site router connected to a destination site locally and also to an Internet connection;

providing a plurality of origin site routers one or many of which may be connected to an attacking site, wherein each of said plurality of origin site routers has a respective address associated with it;

providing connectivity between said origin and destination site routers to the Internet or other wide area networks (WAN), but allowing addresses not corresponding to said attacking site access to the Internet or other WAN;

detecting a bandwidth congestion at said destination site router, wherein said bandwidth congestion originates at said attacking site;

informing said origin site router and other intermediate routers within the Internet, or other WAN, of said bandwidth congestion and of an attacking address corresponding to said attacking site from which said bandwidth congestion originated, wherein said attacking address is determined from a request packet received from said attacking site;

preventing said attacking address corresponding to said attacking site from being used to gain access to the Internet or other WAN.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for preventing a Denial of Service attack directed at a target that is hosted on a server. The attack is detected and the IP address of the source client of the attack is identified. The IP address of the source of the attack is then communicated upstream to router devices close to the attacking source and the attacker is prevented from further attacks until it is determined that the attacker poses no threat. The detection of the attack and the communication of the identity of the attacker to upstream routers is performed automatically or by human intervention.

115 Citations

14 Claims

1. A method for preventing bandwidth congestion on a network, said method comprising:
- providing a destination site router connected to a destination site locally and also to an Internet connection;
  
  providing a plurality of origin site routers one or many of which may be connected to an attacking site, wherein each of said plurality of origin site routers has a respective address associated with it;
  
  providing connectivity between said origin and destination site routers to the Internet or other wide area networks (WAN), but allowing addresses not corresponding to said attacking site access to the Internet or other WAN;
  
  detecting a bandwidth congestion at said destination site router, wherein said bandwidth congestion originates at said attacking site;
  
  informing said origin site router and other intermediate routers within the Internet, or other WAN, of said bandwidth congestion and of an attacking address corresponding to said attacking site from which said bandwidth congestion originated, wherein said attacking address is determined from a request packet received from said attacking site;
  
  preventing said attacking address corresponding to said attacking site from being used to gain access to the Internet or other WAN.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method in accordance with claim 1, wherein said informing is performed automatically by said destination router.
  - 3. A method in accordance with claim 1, wherein said informing is performed by human intervention.
  - 4. A method in accordance with claim 1 further comprising:
    - informing a plurality of remote routers connected to the Internet of said attacking address.
  - 5. A method in accordance with claim 1, wherein said preventing is performed for a predetermined amount of time during which it is determined whether said attacking site is attempting to cause said bandwidth congestion and said attacking site is permitted to gain access to the Internet if it is determined that said attacking site is not attempting to cause said bandwidth congestion.
  - 6. A method in accordance with claim 1, wherein said preventing is performed until a human administrator intervenes after determining whether said attacking site should be permitted to gain access to the Internet.
  - 7. The method in accordance with claim 1, wherein said attacking address corresponding to said attacking site is prevented from being used to gain access to the Internet or other WAN using an access list on said origin site router and other intermediate routers.

8. A network system that prevents bandwidth congestion on a network, said system comprising:
- an origin client router connected to a plurality of clients through an Internet connection, said plurality of clients including an attacking client, and wherein each of said plurality of clients has a respective address associated with it;
  
  a destination site router connected to a destination server, said destination site router or firewall or client further comprising a bandwidth congestion detector operable to detect a bandwidth congestion condition and a communication device operable to communicate said bandwidth congestion condition and said addresses to said plurality of clients;
  
  a router-router connection between said origin client router and said destination site router, wherein said router-router connection provides a discrete amount of access bandwidth by which said client router and said destination site router can pass data traffic back and forth to each other;
  
  wherein said bandwidth congestion detector detects a bandwidth congestion condition originating at said attacking client and directed to said destination server and automatically informs said origin client router of said attacking client'"'"'s respective address, and wherein further, said origin client router prevents said address of said attacking client from causing further bandwidth congestion, but allows legitimate client address access to the Internet connection, wherein said attacking client'"'"'s respective address is determined from a request packet received from said attacking client.
- View Dependent Claims (9, 10)
- - 9. A system in accordance with claim 8, wherein said destination site router further informs a plurality of other intermediate routers within the Internet or shared WAN routers in addition to said origin client router.
  - 10. A system in accordance with claim 8, wherein said origin client router prevents said address of said attacking client from gaining access to the router-router connection until such a time when it is determined that said attacking client is no longer attempting to cause bandwidth congestion.

11. A method for preventing bandwidth congestion on a network, said method comprising:
- providing a destination site router connected to a destination site locally and also to an Internet connection;
  
  providing a plurality of origin site routers one or many of which may be connected to an attacking site, wherein each of said plurality of sites has a respective address associated with it;
  
  providing connectivity between said origin and destination routers to the Internet or other wide area networks (WAN);
  
  detecting a bandwidth congestion at a firewall connected to said destination site router, wherein said bandwidth congestion originates at said attacking site;
  
  informing said origin site router and other intermediate routers within the Internet, or other WAN, of said bandwidth congestion and of an attacking address corresponding to said attacking site from which said bandwidth congestion originated, wherein said attacking address is determined from a request packet received from said attacking site;
  
  preventing said attacking address corresponding to said attacking site from being used to gain access to the Internet or other WAN, but allowing legitimate addresses access to the Internet or other WAN.

12. A method for preventing bandwidth congestion on a network, said method comprising:
- providing a destination site router connected to a destination site locally and also to an Internet connection;
  
  providing a plurality of origin site routers one or many of which may be connected to an attacking site, wherein each of said plurality of sites has a respective address associated with it;
  
  providing connectivity between said origin and destination routers to the Internet or other wide area networks (WAN);
  
  detecting a bandwidth congestion at said destination site, wherein said bandwidth congestion originates at said attacking site;
  
  informing said origin site router and other intermediate routers within the Internet, or other WAN, of said bandwidth congestion and of an attacking address corresponding to said attacking site from which said bandwidth congestion originated, wherein said attacking address is determined from a request packet received from said attacking site;
  
  preventing said attacking address corresponding to said attacking site from being used to gain access to the Internet or other WAN, but allowing legitimate addresses access to the Internet or other WAN.

13. A network system that prevents bandwidth congestion on a network, said system comprising:
- an origin client router connected to a plurality of clients through an Internet connection, said plurality of clients including an attacking client, and wherein each of said plurality of clients has a respective address associated with it;
  
  a destination site router connected to a destination server;
  
  a firewall connected to said destination server, said firewall comprising a bandwidth congestion detector operable to detect a bandwidth congestion condition and a communication device operable to communicate said bandwidth congestion condition and said addresses to said plurality of clients;
  
  a router-router connection between said origin client router and said destination site router, wherein said router-router connection provides a discrete amount of access bandwidth by which said client router and said destination site router can pass data traffic back and forth to each other;
  
  wherein said bandwidth congestion detector detects a bandwidth congestion condition originating at said attacking client and directed to said destination server and automatically informs said origin client router of said attacking client'"'"'s respective address, and wherein further, said origin client router prevents said address of said attacking client from causing further bandwidth congestion, but allows legitimate clients access to the Internet connection, wherein said attacking client'"'"'s respective address is determined from a request packet received from said attacking client.

14. A network system that prevents bandwidth congestion on a network, said system comprising:
- an origin client router connected to a plurality of clients through an Internet connection, said plurality of clients including an attacking client, and wherein each of said plurality of clients has a respective address associated with it;
  
  a destination site router connected to a destination server, said destination server comprising a bandwidth congestion detector operable to detect a bandwidth congestion condition and a communication device operable to communicate said bandwidth congestion condition and said addresses to said plurality of clients;
  
  a router-router connection between said origin client router and said destination site router, wherein said router-router connection provides a discrete amount of access bandwidth by which said client router and said destination site router can pass data traffic back and forth to each other;
  
  wherein said bandwidth congestion detector detects a bandwidth congestion condition originating at said attacking client and directed to said destination server and automatically informs said origin client router of said attacking client'"'"'s respective address, and wherein further, said origin client router prevents said address of said attacking client from causing further bandwidth congestion, but allows legitimate client(s) access to the Internet connection, wherein said attacking client'"'"'s respective address is determined from a request packet received from said attacking client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mavenir Ltd. (Mavenir Group Holdings Ltd.)
Original Assignee
Comverse Limited (Mavenir Group Holdings Ltd.)
Inventors
Goldstone, Jonathan S
Primary Examiner(s)
Pham; Chi
Assistant Examiner(s)
Hyun; Soon D.

Application Number

US09/774,102
Publication Number

US 20020101819A1
Time in Patent Office

2,491 Days
Field of Search

370/221, 370/230, 370/232, 370/233, 370/235, 370/236, 370/237, 370/389
US Class Current

370/230
CPC Class Codes

H04L 47/10 Flow control; Congestion co...

H04L 63/1458 Denial of Service

Prevention of bandwidth congestion in a denial of service or other internet-based attack

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

115 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

Prevention of bandwidth congestion in a denial of service or other internet-based attack

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

115 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others