Switching network employing a user challenge mechanism to counter denial of service attacks

US 8,259,727 B2
Filed: 06/28/2010
Issued: 09/04/2012
Est. Priority Date: 05/05/2006
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

storage to contain a plurality of templates and data pertaining to prior traffic on a network, the plurality of templates including at least a primary template and a secondary template; and

a processing circuitry coupled to the storage to compare packet traffic on the network with the primary template and the prior traffic data, to identify a possibility of a service attack based on an unusually high frequency of packet traffic on the network that match the primary template, compare the unusually high frequency of packet traffic that match the secondary template after matching the primary template, and to trigger a service function by causing a challenge to be sent to a respective client device coupled to the network when the unusually high frequency of packet traffic match both the primary template and the secondary template, wherein the processing circuitry and the storage to operate in an intermediate node to monitor traffic between a server and a plurality of client devices to identify the service attack.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication infrastructure includes an intermediate routing node that routes a plurality of packets between a source device and a plurality of destination devices, a plurality of templates stored on the intermediate routing node and a service function. The intermediate routing node, e.g., a switch, router, access point, bridge, or gateway, identifies packets containing requests for a webpage, the requests being a service attack attempt by comparing the packet with the plurality of templates. Then, the intermediate routing node denies service attack by interacting with the server and client devices. That is, the intermediate routing node sends messages with challenge mechanism to the server, based on the response or otherwise, sends messages and anti-service attack downloads to the client devices and receives response.

Citations

20 Claims

1. An apparatus comprising:
- storage to contain a plurality of templates and data pertaining to prior traffic on a network, the plurality of templates including at least a primary template and a secondary template; and
  
  a processing circuitry coupled to the storage to compare packet traffic on the network with the primary template and the prior traffic data, to identify a possibility of a service attack based on an unusually high frequency of packet traffic on the network that match the primary template, compare the unusually high frequency of packet traffic that match the secondary template after matching the primary template, and to trigger a service function by causing a challenge to be sent to a respective client device coupled to the network when the unusually high frequency of packet traffic match both the primary template and the secondary template, wherein the processing circuitry and the storage to operate in an intermediate node to monitor traffic between a server and a plurality of client devices to identify the service attack.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The apparatus of claim 1, wherein the storage contains an enhanced version of one or more of the templates to monitor the traffic.
  - 3. The apparatus of claim 2, wherein the processing circuitry utilizes the enhanced version of the primary and secondary templates to perform the comparisons of the packet traffic.
  - 4. The apparatus of claim 1, wherein the storage contains a recent version of one or more of the templates to monitor the traffic.
  - 5. The apparatus of claim 4, wherein the processing circuitry utilizes the recent version of the primary and secondary templates to perform the comparisons of the packet traffic.
  - 6. The apparatus of claim 1, wherein the processing circuitry identifies the possibility of the service attack based on date and time associated with the packet traffic.
  - 7. The apparatus of claim 1, wherein the processing circuitry identifies the possibility of the service attack based on a statistical analysis.
  - 8. The apparatus of claim 1, wherein the processing circuitry uses the primary template to target a network address and the secondary template to target a web page request.
  - 9. The apparatus of claim 1, wherein the processing circuitry functions to address denial of service attack, when the processing circuitry identifies the service attack.
  - 10. The apparatus of claim 1, wherein the challenge to be sent is a human challenge.

11. A method comprising:
- utilizing a processor to compare packet traffic on a network with a primary template and data pertaining to prior traffic on the network;
  
  identifying a possibility of a service attack based on an unusually high frequency of packet traffic on the network that match the primary template;
  
  utilizing the processor to compare the unusually high frequency of packet traffic that match the secondary template after matching the primary template;
  
  triggering a service function from the processor by causing a challenge to be sent to a respective client device coupled to the network when the unusually high frequency of packet traffic match both the primary template and the secondary template, wherein the processor operates in an intermediate node to monitor traffic between a server and a plurality of client devices to identify the service attack.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, wherein when comparing the packet traffic with the primary and secondary templates and data pertaining to prior traffic, the processor compares the packet traffic with an enhanced version of the primary and secondary templates.
  - 13. The method of claim 11, wherein when comparing the packet traffic with the primary and secondary templates and data pertaining to prior traffic, the processor compares the packet traffic with a recent version of the primary and secondary templates.
  - 14. The method of claim 11, wherein identifying the possibility of a service attack includes identifying based on date and time associated with the packet traffic.
  - 15. The method of claim 11, wherein identifying the possibility of a service attack includes identifying based on a statistical analysis.
  - 16. The method of claim 11, wherein the primary template to target a network address and the secondary template to target a web page request.
  - 17. The method of claim 11, further including performing a denial of service attack, when the service attack is identified.
  - 18. The method of claim 11, wherein triggering a service function challenge includes causing a human challenge to be sent.

19. An apparatus to operate as an intermediate node on a network comprising:
- an interface to interface to the network; and
  
  a processing circuitry, coupled to a storage that stores a primary template and a secondary template, to compare packet traffic on the network with the primary template and the prior traffic data, to identify a possibility of a service attack based on an unusually high frequency of packet traffic on the network that match the primary template, compare the unusually high frequency of packet traffic that match the secondary template after matching the primary template, and to trigger a service function by causing a challenge to be sent to a respective client device coupled to the network when the unusually high frequency of packet traffic match both the primary template and the secondary template, wherein the processing circuitry and the storage to operate in an intermediate node to monitor traffic between a server and a plurality of client devices to identify the service attack.
- View Dependent Claims (20)
- - 20. The apparatus of claim 19, wherein the primary template to target a network address and the secondary template to target a web page request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Bennett, James D.
Primary Examiner(s)
PARK, JUNG H

Application Number

US12/824,960
Publication Number

US 20100269177A1
Time in Patent Office

799 Days
Field of Search

370/392, 370/400, 726/23, 709/224
US Class Current

370/392
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/08   for authentication of entit...

H04L 63/1458   Denial of Service

H04L 63/20   for managing network securi...

Switching network employing a user challenge mechanism to counter denial of service attacks

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Switching network employing a user challenge mechanism to counter denial of service attacks

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links