Methods and systems for protecting a telecommunication service from Denial of Service (DoS) attack

US 8,180,032 B2
Filed: 05/11/2007
Issued: 05/15/2012
Est. Priority Date: 05/11/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method of protecting a telephone number mapping server from a denial of service attack, the method comprising:

receiving a first call initiation request message associated with a first attempt to place a first exception call from an unregistered end user device;

determining that a behavior of making exception call attempts is excessive based on the first call initiation request message and based on a behavior of making call requests of the unregistered end user device;

inhibiting querying of a telephone number mapping server in connection with the first call initiation request message based on the determination that the behavior of making exception call attempts by the unregistered end user device is excessive;

storing a value in a database, the value indicating that making subsequent exception calls from the unregistered end user device is disabled;

receiving a second call initiation request message associated with a second attempt to place a second exception call from the unregistered end user device; and

inhibiting querying of the telephone number mapping server in connection with the second call initiation request message based on the value in the database.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client of a telephone number mapping (ENUM) server is used to protect the ENUM server from a Denial of Service (DoS) attack. The DoS attack may comprise a plurality of attempts to place exception calls from one or more end user devices that are unregistered. The one or more end user devices may originate from a service provider network.

32 Citations

View as Search Results

18 Claims

1. A method of protecting a telephone number mapping server from a denial of service attack, the method comprising:
- receiving a first call initiation request message associated with a first attempt to place a first exception call from an unregistered end user device;
  
  determining that a behavior of making exception call attempts is excessive based on the first call initiation request message and based on a behavior of making call requests of the unregistered end user device;
  
  inhibiting querying of a telephone number mapping server in connection with the first call initiation request message based on the determination that the behavior of making exception call attempts by the unregistered end user device is excessive;
  
  storing a value in a database, the value indicating that making subsequent exception calls from the unregistered end user device is disabled;
  
  receiving a second call initiation request message associated with a second attempt to place a second exception call from the unregistered end user device; and
  
  inhibiting querying of the telephone number mapping server in connection with the second call initiation request message based on the value in the database.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein the denial of service attack comprises a plurality of attempts to place exception calls from one or more end user devices that are unregistered.
  - 3. The method of claim 1 wherein protecting the telephone number mapping server further comprises:
    - receiving a third call initiation request message associated with a third attempt to place a third exception call from the unregistered end user device, wherein the third call initiation request is received before the first call initiation request; and
      
      querying the telephone number mapping server in response to the third call initiation request message.
  - 4. The method of claim 1 further comprising:
    - updating the value in the database, the updated value indicating that making subsequent exception calls from the unregistered end user device is re-enabled.
  - 5. The method of claim 1 further comprising:
    - determining a first behavior of making call attempts by the unregistered end user device over a first time period; and
      
      determining a second behavior of making call attempts by the unregistered end user device over a second time period, wherein the second time period differs from the first time period;
      
      wherein determining that the behavior of making exception call attempts of the unregistered end user device is excessive comprises determining that at least one of the first behavior and the second behavior is excessive.
  - 6. The method of claim 1 wherein determining that the behavior of making exception call attempts of the unregistered end user device is excessive comprises determining that a count of a number of call attempts made from the unregistered end user device over a time period is greater than or equal to a threshold value.
  - 7. The method of claim 1 wherein said determining that the behavior of making exception call attempts of the unregistered end user device is excessive comprises determining that a count of a number of call attempts made from the unregistered end user device to a particular callee over a time period is greater than or equal to a threshold value.
  - 8. The method of claim 1 further comprising:
    - sending an alarm message to a network operation center in response to determining that the behavior of making exception call attempts of the unregistered end user device is excessive.
  - 9. The method of claim 8, wherein the alarm message is sent to the network operations center to cause the network operations center to contact a user, a law enforcement agency, or any combination thereof.
  - 10. The method of claim 1, wherein the first exception call comprises a diagnostic call, a promotional call, a call for which provisioning is pending, a call for which porting is pending, or any combination thereof.

11. A system comprising:
- a processor; and
  
  a memory storing instructions executable by the processor to;
  
  receive a first call initiation request message associated with a first attempt to place a first exception call from an unregistered end user device;
  
  determine that a behavior of making exception call attempts is excessive based on the first call initiation request message and based on a behavior of making call requests of the unregistered end user device;
  
  inhibit querying of a telephone number mapping server in connection with the first call initiation request message based on the determination that the behavior of making exception call attempts by the unregistered end user device is excessive;
  
  store a value in a database, the value indicating that making subsequent exception calls from the unregistered end user device is disabled;
  
  receive a second call initiation request message associated with a second attempt to place a second exception call from the unregistered end user device; and
  
  inhibit querying of the telephone number mapping server in connection with the second call initiation request message based on the value in the database.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11 wherein the instructions are further executable by the processor to protect the telephone number mapping service from a denial of service attack, wherein the denial of service attack comprises a plurality of attempts to place exception calls from one or more end user devices that are unregistered.
  - 13. The system of claim 11 wherein the instructions are further executable by the processor to:
    - determine that the behavior of making exception call attempts is excessive further based on a first count representing a first number of call requests by the unregistered end user device to an authorized callee.
  - 14. The system of claim 11 wherein the database further stores counts of call request made by the unregistered end user device to each of a plurality of authorized callees during a plurality of time periods.
  - 15. The system of claim 11 wherein the database further stores a set of allowed device identifiers that identify which unregistered end user devices are allowed to initiate call requests.

16. A non-transitory computer-readable medium encoded with a computer program, the computer program operable to execute a method to protect a telephone number mapping server from a denial of service attack, wherein protecting the telephone number mapping server comprises:
- receiving a first call initiation request message associated with a first attempt to place a first exception call from an unregistered end user device to an authorized callee;
  
  determining that a behavior of making exception call attempts is excessive based on the first call initiation request message and based on a behavior of making call requests of the unregistered end user device, wherein the behavior of making call requests by the unregistered end user device is indicated at least in part by a first number of call requests to the authorized callee;
  
  inhibiting querying of a telephone number mapping server in connection with the first call initiation request based on the determination that the behavior of making exception calls by the unregistered end user device is excessivestoring a value in a database, the value indicating that making subsequent exception calls from the unregistered end user device is disabled;
  
  receiving a second call initiation request message associated with a second attempt to place a second exception call from the unregistered end user device; and
  
  inhibiting querying of the telephone number mapping server in connection with the second call initiation request based on the value in the database.
- View Dependent Claims (17, 18)
- - 17. The non-transitory computer-readable medium of claim 16, wherein protecting the telephone number mapping server further comprises:
    - receiving a third call initiation request message associated with a third attempt to place a third exception call from the unregistered end user device, wherein the third call initiation request is received before the first call initiation request; and
      
      querying the telephone number mapping server in response to the third call initiation request message.
  - 18. The non-transitory computer-readable medium of claim 16, wherein protecting the telephone number mapping server further comprises storing a set of timestamps of a last call request made by the unregistered end user device to each of the set of authorized callees.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Knowledge Ventures, L.P. (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Yasrebi, Mehrad, Ku, Bernard S., Qiu, Chaoxin Charles
Primary Examiner(s)
SHAH, ANTIM G

Application Number

US11/801,992
Publication Number

US 20080279362A1
Time in Patent Office

1,831 Days
Field of Search

379/44, 379/45, 379/188, 379/189, 379/221.06, 370/242, 370/352, 726/23
US Class Current

379/189
CPC Class Codes

H04L 2101/65   Telephone numbers

H04L 61/4511   using domain name system [DNS]

H04L 61/4557   Directories for hybrid netw...

H04L 63/1458   Denial of Service

H04M 7/0075   Details of addressing, dire...

H04M 7/0078   Security; Fraud detection; ...

Methods and systems for protecting a telecommunication service from Denial of Service (DoS) attack

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for protecting a telecommunication service from Denial of Service (DoS) attack

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links