Method and apparatus to control application messages between client and a server having a private network address

US 8,670,316 B2
Filed: 12/28/2006
Issued: 03/11/2014
Est. Priority Date: 12/28/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method to control communication traffic in a communication network, said traffic comprising application-level messages between a client and a server having a private network address, comprising the steps of:

receiving from said client a request message sent to a first public network address associated with said private network address of said server;

processing said request message at an intermediate logic unit logically positioned between said client and said server;

receiving an alert signal indicating a malicious internet attack of said server at said intermediate logic unit; and

, upon receipt of said alert signal;

mapping said private network address of said server to a second public network address at said intermediate logic unit;

instructing said client to send said request message to said second public network address; and

routing to said server only request messages directed to said second public network address,wherein, before the step of receiving said request message, a step of hiding said private network address of said server is performed by mapping said first public network address to said private network address of said server at said intermediate logic unit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method to control communication traffic in a communication network. The traffic includes application-level messages between a client and a server having a private network address. The method includes the steps of: sending by the client a request message requesting a service to the server using a first public network address associated with the server; processing the request message at an intermediate logic unit logically positioned between the client and the server; and receiving an alert signal at the intermediate unit. Upon receipt of said alert signal, the method provides for: mapping the private network address of the server to a second public network address associated with the server; and instructing the client to send the request message to the second public network address of the server, routing to the server only request messages directed to the second public network address.

Citations

19 Claims

1. A method to control communication traffic in a communication network, said traffic comprising application-level messages between a client and a server having a private network address, comprising the steps of:
- receiving from said client a request message sent to a first public network address associated with said private network address of said server;
  
  processing said request message at an intermediate logic unit logically positioned between said client and said server;
  
  receiving an alert signal indicating a malicious internet attack of said server at said intermediate logic unit; and
  
  , upon receipt of said alert signal;
  
  mapping said private network address of said server to a second public network address at said intermediate logic unit;
  
  instructing said client to send said request message to said second public network address; and
  
  routing to said server only request messages directed to said second public network address,wherein, before the step of receiving said request message, a step of hiding said private network address of said server is performed by mapping said first public network address to said private network address of said server at said intermediate logic unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method to control communication traffic according to claim 1, wherein said step of instructing said client to send said request message to said second public network address comprises a step of transmitting a redirection message to said client containing said second public network address of said server.
  - 3. The method to control communication traffic according to claim 2, wherein the step of transmitting a redirection message to said client is performed upon receipt of a request message by said intermediate logic unit.
  - 4. The method to control communication traffic according to claim 2, wherein said redirection message is a message comprising the second public network address of said server.
  - 5. The method to control communication traffic according to claim 1, wherein said step of routing to said server only said request message directed to said second public network address uses a network address translator mechanism.
  - 6. The method to control communication traffic according to claim 1, comprising, after the step of hiding said private network address of said server, a step of routing to said server, request messages directed to said first public network address.
  - 7. The method to control communication traffic according to claim 6, wherein said step of routing to said server said request messages directed to said first public network address uses a network address translator mechanism.
  - 8. The method to control communication traffic according to claim 1, wherein said communication network is a wide-area network.
  - 9. The method to control communication traffic according to claim 1, wherein said first and second public network addresses are public internet protocol addresses.
  - 10. The method to control communication traffic according to claim 1, wherein said private network address is a private internet protocol address.
  - 11. The method to control communication traffic according to claim 1, wherein said intermediate logic unit is a network-layer unit.
  - 12. The method to control communication traffic according to claim 1, further comprising, before the step of receiving an alert signal, a step of generating an alert signal as a result of an event detection.
  - 13. The method to control communication traffic according to claim 1, wherein said application-level messages are session initiation protocol request messages.
  - 14. The method to control communication traffic according to claim 1, wherein said redirection message is a session initiation protocol redirect message.
  - 15. The method to control communication traffic according to claim 1, wherein said request message is a hypertext transfer protocol request message.
  - 16. The method to control communication traffic according to claim 1, wherein said server is a web server.

17. A system for controlling communication traffic in a communication network, said traffic comprising application-level messages, comprising:
- a server having a private network address;
  
  a client configured to transmit a request message to a first public network address associated with said private network address of said server;
  
  an intermediate logic unit logically positioned between the client and the server, said intermediate logic unit configured to;
  
  before receiving said request message from said client, hide said private network address of said server by mapping said first public network address to said private network address of said server; and
  
  receive and process said request message; and
  
  an event detector capable of detecting an event and sending an alert signal indicating a malicious internet attack of said server to said intermediate logic unit,wherein said intermediate logic unit is configured so as, upon receipt of said alert signal indicating the malicious internet attack of said server, to map said private network address of said server to a second public network address, to send an instruction to said client to send said request message to said second public network address and to route to said server only request messages directed to said second public network address.
- View Dependent Claims (18, 19)
- - 18. The system according to claim 17, wherein said instruction to said client to send said request message to said second public network address is a redirect message.
  - 19. The system according to claim 17, wherein said intermediate logic unit is configured to hide said private network address of said server by mapping said first public network address of said server to said private network address of said server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telecom Italia S.p.A.
Original Assignee
Telecom Italia S.p.A.
Inventors
De Lutiis, Paolo, Viale, Luca, Pistillo, Vito
Primary Examiner(s)
Rinehart, Mark
Assistant Examiner(s)
ANWAR, MOHAMMAD S

Application Number

US12/448,646
Publication Number

US 20110019547A1
Time in Patent Office

2,630 Days
Field of Search

370/230, 370/231, 370/235
US Class Current

370/231
CPC Class Codes

H04L 61/2564   for a higher-layer protocol...

H04L 61/50   Address allocation

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1458   Denial of Service

Method and apparatus to control application messages between client and a server having a private network address

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus to control application messages between client and a server having a private network address

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links