Distributed denial of service congestion recovery using split horizon DNS
Abstract
A method for congestion recovery during a denial of service attack involves creating a split horizon zone on a server, where the split horizon zone includes a fictitious zone mapped to a fictitious address, receiving and investigating requests from clients, designating a malicious client based on investigating the requests, where the malicious client is associated with a client address, assigning the client address to the fictitious zone, and routing network traffic from the malicious client to the fictitious address.
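The steps in the abstract can be traced in a small model. This is an added example, not code from the patent: the query-count threshold used to "investigate" requests, the addresses, and all class and function names are constructed assumptions, since the text above does not say how requests are investigated.

```python
from collections import Counter

REAL_ADDR = "10.0.0.5"    # constructed: host address inside the local network
SINK_ADDR = "192.0.2.10"  # constructed: address outside the local network
QUERY_LIMIT = 100         # assumption: per-window query count that flags a client


class SplitHorizonServer:
    """Toy model of a DNS server with a general and a fictitious zone."""

    def __init__(self, hostname):
        self.general_zone = {hostname: REAL_ADDR}
        self.fictitious_zone = {hostname: SINK_ADDR}
        self.fictitious_clients = set()  # client addresses assigned to the fictitious zone
        self.general_denied = set()      # clients the general zone no longer serves
        self.query_counts = Counter()

    def investigate(self, client):
        """Count the request and designate the client malicious past the limit."""
        self.query_counts[client] += 1
        if self.query_counts[client] > QUERY_LIMIT:
            self.designate_malicious(client)

    def designate_malicious(self, client):
        self.fictitious_clients.add(client)  # assign the client address to the fictitious zone
        self.general_denied.add(client)      # alter the general zone to exclude the client

    def resolve(self, client, name):
        """Answer from the first zone whose client list matches, as DNS views do."""
        self.investigate(client)
        if client in self.fictitious_clients:
            return self.fictitious_zone.get(name)
        if client in self.general_denied:
            # Backstop: still refused if the fictitious assignment is later cleared.
            return None
        return self.general_zone.get(name)

    def start_window(self):
        """Reset counters; designations persist until an operator clears them."""
        self.query_counts.clear()


def simulate(flood_queries=150, normal_queries=3):
    """Constructed traffic: one flooding client and one ordinary client."""
    server = SplitHorizonServer("www.example.com")
    flood = [server.resolve("198.51.100.7", "www.example.com") for _ in range(flood_queries)]
    normal = [server.resolve("203.0.113.20", "www.example.com") for _ in range(normal_queries)]
    return flood, normal
```

Once the flooding client is designated, every later answer it receives points at the outside address, so its traffic leaves the local network while the ordinary client keeps resolving the real host.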
18 Claims
1. A method for congestion recovery of a local network during a denial of service attack, comprising:
creating a split horizon zone on a hardware server, wherein the split horizon zone comprises a fictitious zone, and wherein the fictitious zone maps Internet Protocol (IP) addresses of a host to an address outside of the local network;
creating a general split horizon zone for non-malicious clients;
receiving and investigating a plurality of requests from a plurality of clients;
designating a malicious client from the plurality of clients based on investigating the plurality of requests, wherein the malicious client is associated with a client address;
assigning the client address to the fictitious zone;
altering the general split horizon zone to further limit malicious client access; and
routing network traffic from the malicious client to the address outside of the local network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A system for denial of service attack congestion recovery of a local network, comprising:
a plurality of clients with a processor comprising functionality to execute software instructions for sending a plurality of requests, wherein the plurality of requests comprise requests for a plurality of Internet Protocol (IP) addresses;
a domain name system (DNS) server comprising a processor, and communicatively coupled to the plurality of clients and configured for;
  creating a split horizon zone, wherein the split horizon zone comprises a fictitious zone, and wherein the fictitious zone maps IP addresses of a host to an address outside of the local network,
  creating a general split horizon zone for non-malicious clients;
  receiving and investigating a plurality of requests from the plurality of clients,
  designating a malicious client from the plurality of clients based on investigating the plurality of requests, wherein the malicious client is associated with a client address,
  assigning the client address to the fictitious zone,
  altering the general split horizon zone to further limit malicious client access; and
  routing network traffic from the malicious client to the address outside of the local network;
an intrusion detection system (IDS) communicatively coupled to the plurality of clients and the DNS server.
Dependent claims: 10

11. A non-transitory computer readable medium storing instructions for congestion recovery during a denial of service attack, the instructions comprising functionality to:
create a split horizon zone on a server, wherein the split horizon zone comprises a fictitious zone, and wherein the fictitious zone maps Internet Protocol (IP) addresses of a host to an address outside of the local network;
create a general split horizon zone for non-malicious clients;
receive and investigate a plurality of requests from a plurality of clients;
designate a malicious client from the plurality of clients based on investigating the plurality of requests;
assign the address of the malicious client to the fictitious zone;
alter the general split horizon zone to further limit malicious client access; and
route network traffic from the malicious client to the address outside of the local network.
Dependent claims: 12, 13, 14, 15, 16, 17, 18

Specification