Switching network employing a user challenge mechanism to counter denial of service attacks
First Claim
1. An apparatus comprising:
- storage to contain a plurality of templates and data pertaining to prior traffic on a network, the plurality of templates including at least a primary template and a secondary template; and
a processing circuitry coupled to the storage to compare packet traffic on the network with the primary template and the prior traffic data, to identify a possibility of a service attack based on an unusually high frequency of packet traffic on the network that match the primary template, compare the unusually high frequency of packet traffic that match the secondary template after matching the primary template, and to trigger a service function by causing a challenge to be sent to a respective client device coupled to the network when the unusually high frequency of packet traffic match both the primary template and the secondary template, wherein the processing circuitry and the storage to operate in an intermediate node to monitor traffic between a server and a plurality of client devices to identify the service attack.
5 Assignments
0 Petitions
Accused Products
Abstract
A communication infrastructure includes an intermediate routing node that routes a plurality of packets between a source device and a plurality of destination devices, a plurality of templates stored on the intermediate routing node and a service function. The intermediate routing node, e.g., a switch, router, access point, bridge, or gateway, identifies packets containing requests for a webpage, the requests being a service attack attempt by comparing the packet with the plurality of templates. Then, the intermediate routing node denies service attack by interacting with the server and client devices. That is, the intermediate routing node sends messages with challenge mechanism to the server, based on the response or otherwise, sends messages and anti-service attack downloads to the client devices and receives response.
-
Citations
20 Claims
-
1. An apparatus comprising:
-
storage to contain a plurality of templates and data pertaining to prior traffic on a network, the plurality of templates including at least a primary template and a secondary template; and a processing circuitry coupled to the storage to compare packet traffic on the network with the primary template and the prior traffic data, to identify a possibility of a service attack based on an unusually high frequency of packet traffic on the network that match the primary template, compare the unusually high frequency of packet traffic that match the secondary template after matching the primary template, and to trigger a service function by causing a challenge to be sent to a respective client device coupled to the network when the unusually high frequency of packet traffic match both the primary template and the secondary template, wherein the processing circuitry and the storage to operate in an intermediate node to monitor traffic between a server and a plurality of client devices to identify the service attack. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method comprising:
-
utilizing a processor to compare packet traffic on a network with a primary template and data pertaining to prior traffic on the network; identifying a possibility of a service attack based on an unusually high frequency of packet traffic on the network that match the primary template; utilizing the processor to compare the unusually high frequency of packet traffic that match the secondary template after matching the primary template; triggering a service function from the processor by causing a challenge to be sent to a respective client device coupled to the network when the unusually high frequency of packet traffic match both the primary template and the secondary template, wherein the processor operates in an intermediate node to monitor traffic between a server and a plurality of client devices to identify the service attack. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
-
19. An apparatus to operate as an intermediate node on a network comprising:
-
an interface to interface to the network; and a processing circuitry, coupled to a storage that stores a primary template and a secondary template, to compare packet traffic on the network with the primary template and the prior traffic data, to identify a possibility of a service attack based on an unusually high frequency of packet traffic on the network that match the primary template, compare the unusually high frequency of packet traffic that match the secondary template after matching the primary template, and to trigger a service function by causing a challenge to be sent to a respective client device coupled to the network when the unusually high frequency of packet traffic match both the primary template and the secondary template, wherein the processing circuitry and the storage to operate in an intermediate node to monitor traffic between a server and a plurality of client devices to identify the service attack. - View Dependent Claims (20)
-
Specification