Providing continuing service for a third-party network site during adverse network conditions

US 8,042,171 B1
Filed: 03/30/2007
Issued: 10/18/2011
Est. Priority Date: 03/27/2007
Status: Active Grant

First Claim

Patent Images

1. A system configured to provide a network protection service for providing protective assistance to multiple subscribing hosts during times that one or more of the multiple subscribing hosts experiences adverse network conditions, the system comprising:

one or more processing devices;

a network connection configured to communicatively couple the system to the multiple subscribing hosts via a network;

a data store configured to store cached information for each of the multiple subscribing hosts; and

one or more modules that are provided by at least one of the one or more processing devices and that are configured to provide the network protection service for the multiple subscribing hosts by, for each of the multiple subscribing hosts;

obtaining information from the subscribing host for use in configuring protective assistance provided by the network protection service to the subscribing host, the obtained information including a specified set of rules that are specific to the subscribing host and that are for use in filtering network traffic for the subscribing host, at least one of the rules in the specified set indicating how to use the stored cached information for the subscribing host; and

monitoring for an adverse network condition for the subscribing host and, upon detecting that condition, providing protective assistance to the subscribing host by;

causing network traffic directed to the subscribing host to be rerouted to the network protection service;

determining whether a request in the rerouted network traffic is requesting information from the subscribing host that corresponds to the stored cached information for the subscribing host and if so, determining whether the at least one rules in the specified set for the subscribing host indicate to use the stored cached information for the subscribing host to respond to the request;

responding to the request on behalf of the subscribing host with the cached information only if it is determined that the at least one rules in the specified set for the subscribing host indicate to use the stored cached information for the subscribing host to respond to the request; and

forwarding a portion of the rerouted network traffic to the subscribing host, wherein the forwarded portion of the rerouted network traffic does not include the request corresponding to the cached information in the data store if the responding to the request is performed.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing protective assistance to a network site is presented. As implemented by a network protection service communicatively coupled to the network site via a network, the method comprises monitoring for a condition to provide protective assistance to the network site. Upon detecting that condition, the method includes causing network traffic directed to the network site be rerouted to the network protection service. Further still, determination is made as to whether a request in the rerouted network traffic corresponds to a request for information cached in a data store and, if so, responding with the cached information from the data store. Yet further, a portion of the rerouted network traffic is forwarded to the network site, the forwarded rerouted network traffic not including the request for cached information found in the data store.

100 Citations

View as Search Results

14 Claims

1. A system configured to provide a network protection service for providing protective assistance to multiple subscribing hosts during times that one or more of the multiple subscribing hosts experiences adverse network conditions, the system comprising:
- one or more processing devices;
  
  a network connection configured to communicatively couple the system to the multiple subscribing hosts via a network;
  
  a data store configured to store cached information for each of the multiple subscribing hosts; and
  
  one or more modules that are provided by at least one of the one or more processing devices and that are configured to provide the network protection service for the multiple subscribing hosts by, for each of the multiple subscribing hosts;
  
  obtaining information from the subscribing host for use in configuring protective assistance provided by the network protection service to the subscribing host, the obtained information including a specified set of rules that are specific to the subscribing host and that are for use in filtering network traffic for the subscribing host, at least one of the rules in the specified set indicating how to use the stored cached information for the subscribing host; and
  
  monitoring for an adverse network condition for the subscribing host and, upon detecting that condition, providing protective assistance to the subscribing host by;
  
  causing network traffic directed to the subscribing host to be rerouted to the network protection service;
  
  determining whether a request in the rerouted network traffic is requesting information from the subscribing host that corresponds to the stored cached information for the subscribing host and if so, determining whether the at least one rules in the specified set for the subscribing host indicate to use the stored cached information for the subscribing host to respond to the request;
  
  responding to the request on behalf of the subscribing host with the cached information only if it is determined that the at least one rules in the specified set for the subscribing host indicate to use the stored cached information for the subscribing host to respond to the request; and
  
  forwarding a portion of the rerouted network traffic to the subscribing host, wherein the forwarded portion of the rerouted network traffic does not include the request corresponding to the cached information in the data store if the responding to the request is performed.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1, wherein the one or more modules configured to provide the network protection service are further configured to receive from one of the multiple subscribing hosts a response to the portion of the rerouted network traffic that is forwarded to the one subscribing host and to forward the response to a recipient on the network.
  - 3. The system of claim 2 wherein the one or more modules are further configured to provide an analysis server to analyze the rerouted network traffic and the response from the one subscribing host to identify additional information that may be cached by the data store, and to cache the identified additional information in the data store in an area associated with the one subscribing host.
  - 4. The system of claim 1 wherein the one or more modules configured to provide the network protection service are further configured to filter the rerouted network traffic for each of the multiple subscribing hosts in a manner specific to that subscribing host by using the specified set of rules for that subscribing host, and wherein the portion of the rerouted network traffic that is forwarded to each of the multiple subscribing hosts is the filtered network traffic for that subscribing host.

5. A system configured to provide a network protection service for providing protective services on behalf of multiple subscribing hosts during times of adverse network conditions, the system comprising:
- one or more processing devices;
  
  a network connection configured to communicatively connect the system to the multiple subscribing hosts via a network;
  
  a data store configured to store cached information for each of the multiple subscribing hosts and to store profile information corresponding to the multiple subscribing hosts, the profile information including, for each of at least some of the multiple subscribing hosts, a set of rules for filtering network traffic for the subscribing host; and
  
  one or more modules that are provided by at least one of the one or more processing devices and that are configured to provide the network protection service by;
  
  obtaining information specific to a first of the multiple subscribing hosts for use in configuring protective assistance provided by the network protection service to the first subscribing host, the obtained information including a specified set of rules that are specific to the first subscribing host and that are for use in filtering network traffic for the first subscribing host, at least one of the rules in the specified set indicating how to use the stored cached information for the first subscribing host;
  
  storing the obtained information for the first subscribing host on the data store as part of the profile information;
  
  monitoring for an adverse network condition to provide protective services to the first subscribing host, and upon detecting the condition, causing network traffic directed to the first subscribing host to be rerouted to the network protection service for processing;
  
  filtering the rerouted network traffic according to the specified set of rules for the first subscribing host, the filtering including identifying a rerouted network communication corresponding to a request for information from the first subscribing host that is part of the stored cached information for the first subscribing host and including determining that the at least one rules in the specified set for the first subscribing host indicate to use the stored cached information for the first subscribing host to respond to the request;
  
  responding to the request with the stored cached information for the first subscribing host; and
  
  forwarding a portion of the filtered rerouted network traffic to the first subscribing host, wherein the forwarded portion of the rerouted network traffic does not include the rerouted network communication corresponding to the request.
- View Dependent Claims (6, 7)
- - 6. The system of claim 5, wherein the one or more modules configured to provide the network protection service are further configured to receive a response to the forwarded rerouted network traffic from the first subscribing host and to forward the response to a recipient on the network.
  - 7. The system of claim 6 wherein the one or more modules are further configured to provide an analysis server that analyzes the rerouted network traffic and the response from the first subscribing host to identify additional information that may be cached by the data store, and caches the identified additional information in the data store for the first subscribing host.

8. A method for providing protective assistance to a network site, implemented by a network protection service communicatively coupled to the network site via a network, the method comprising:
- for each of multiple network sites, obtaining information specific to the network site for use in configuring protective assistance provided by the network protection service to the network site, the obtained information including a specified set of rules for use in filtering network traffic for the network site, at least one of the rules in the specified set indicating how to use cached information for the network site; and
  
  automatically providing the protective assistance to the multiple network sites, the automatic providing being performed by one or more configured processing devices of the network protection service and including, for each of the multiple network sites, monitoring for a condition to provide protective assistance to the network site and including, upon detecting that condition;
  
  causing network traffic directed to the network site to be rerouted to the network protection service;
  
  filtering a first group of the rerouted network traffic to identify and remove a portion of the rerouted network traffic for which responses will not be provided, the filtering being performed based at least in part on the specified set of rules for the network site;
  
  forwarding a portion of the filtered first group of the rerouted network traffic to the network site;
  
  receiving responses from the network site to the forwarded portion of the rerouted network traffic, and forwarding the received responses to one or more recipients on the network;
  
  storing one or more of the received responses from the network site in a cache in a data store;
  
  filtering a second group of the rerouted network traffic, the filtering of the second group including determining that a request in the second group of the rerouted network traffic corresponds to information that is part of the one or more responses stored in the cache in the data store, and including determining that the at least one rules in the specified set for the network site indicate to use the stored responses for the network site to respond to the request;
  
  responding to the request using at least on of the stored one or more responses from the cache in the data store; and
  
  forwarding a portion of the filtered second group of the rerouted network traffic to the network site that does not include the request.
- View Dependent Claims (9)
- - 9. The method of claim 8 further comprising analyzing the rerouted network traffic and the received responses from the network site to identify the one or more responses to be stored in the cache in the data store.

10. A computer-implemented method for a network protection service communicatively coupled to a network site via a network to provide protective assistance to the network site, the method comprising:
- obtaining information specific to the network site for use in configuring protective assistance provided by the network protection service to the network site, the obtained information including a specified set of rules that are specific to the network site and that are for use in filtering network traffic for the network site;
  
  monitoring for a condition to provide the protective assistance to the network site, the monitoring being performed by one or more configured computing devices of the network protection service; and
  
  upon detecting the monitored-for condition,causing network traffic directed to the network site to be rerouted to the network protection service;
  
  filtering the rerouted network traffic according to the specified set of rules specific to the network site, the filtering being performed by the one or more configured computing devices and including identifying a rerouted network communication corresponding to a request for information from the network site that is part of cached information stored by the network protection service and including determining that at least one of the rules in the specified set for the network site indicate to use the stored cached information to respond to the request;
  
  responding to the request with the stored cached information for the network site; and
  
  forwarding a portion of the filtered rerouted network traffic to the network site that does not include the rerouted network communication corresponding to the request, the forwarding being performed by the one or more configured computing devices.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10 further comprising receiving responses to the forwarded rerouted network traffic from the network site and forwarding the responses to one or more recipients on the network.
  - 12. The method of claim 11 further comprising analyzing the rerouted network traffic and the responses from the network site to identify information that may be cached by the data store and caching the identified information in the data store in an area associated with the network site.
  - 13. The method of claim 11 further comprising logging the forwarded rerouted network traffic and the responses from the network site, and analyzing the logged network traffic and responses to identify information that may be cached by the data store and caching the identified information in the data store in an area associated with the network site.
  - 14. The method of claim 13, wherein analyzing the logged network traffic and responses is performed asynchronously to forwarding the filtered rerouted network traffic to the network site and forwarding responses to the filtered rerouted network traffic to a recipient on the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Bodell, Colin, Woods, Craig A., Nordstrom, Paul G.
Primary Examiner(s)
PEARSON, DAVID J

Application Number

US11/694,824
Time in Patent Office

1,663 Days
Field of Search

726/13, 726/23, 726/11
US Class Current

726/13
CPC Class Codes

H04L 63/0254   Stateful filtering

H04L 63/0263   Rule management

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

Providing continuing service for a third-party network site during adverse network conditions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

100 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

Providing continuing service for a third-party network site during adverse network conditions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

100 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others