Methods and systems for mitigating attack traffic directed at a network element
Abstract
An exemplary method includes an attack traffic mitigation system 1) identifying a range of ports left open by a firewall for a network element to receive network traffic provided by a computing device, 2) designating a subset of one or more ports included in the range of open ports as being included in a legitimate port range configured to receive legitimate network traffic provided by the computing device, and 3) directing the network element to drop network traffic provided by the computing device and received by each port included in the range of open ports that is not included in the legitimate port range. Corresponding methods and systems are also disclosed.
26 Citations
17 Claims
1. A method comprising:
identifying, by an attack traffic mitigation system, a range of ports left open by a firewall for a network element to receive, by way of the firewall, network traffic provided by a computing device;
designating, by the attack traffic mitigation system, a subset of one or more ports included in the range of open ports as being included in a legitimate port range configured to receive, by way of the firewall, legitimate network traffic provided by the computing device;
removing, by the attack traffic mitigation system after a predetermined amount of time subsequent to the subset of one or more ports being designated as being included in the legitimate port range, the subset of one or more ports from being included in the legitimate port range;
designating, by the attack traffic mitigation system, a new subset of one or more ports included in the range of open ports as being included in the legitimate port range, wherein the new subset of one or more ports includes at least one port not included in the subset of one or more ports; and
directing, by the attack traffic mitigation system, the network element to drop network traffic provided by the computing device and received by each port included in the range of open ports that is not included in the legitimate port range at a time that the network traffic is received,
wherein the designating of the subset of one or more ports as being included in the legitimate port range and the designating of the new subset of one or more ports as being included in the legitimate port range each comprises negotiating with the computing device to select the one or more ports for inclusion in the legitimate port range.
(Dependent claims: 2 to 11)
12. A method comprising:
identifying, by an attack traffic mitigation system, a range of ports left open by a firewall for a network element to receive, by way of the firewall, network traffic provided by a computing device;
periodically designating, by the attack traffic mitigation system over a period of time, a plurality of different subsets of one or more ports included in the range of open ports as being included in a legitimate port range configured to receive, by way of the firewall, legitimate network traffic provided by the computing device in accordance with a randomized port selection heuristic, wherein only one subset of one or more ports included in the plurality of subsets of one or more ports is included in the legitimate port range at any given time; and
directing, by the attack traffic mitigation system, the network element to drop network traffic provided by the computing device and received by each port included in the range of open ports that is not included in the legitimate port range at a time that the network traffic is received;
wherein the periodically designating comprises designating a first subset of one or more ports included in the plurality of subsets of one or more ports as being included in the legitimate port range for a first predetermined amount of time, removing, in response to a completion of the first predetermined amount of time, the first subset of one or more ports from the legitimate port range, and designating, in response to the removing, a second subset of one or more ports included in the plurality of subsets of one or more ports as being included in the legitimate port range for a second predetermined amount of time, wherein the second subset of one or more ports includes at least one port not included in the first subset of one or more ports; and
wherein the periodically designating of the plurality of different subsets of one or more ports as being included in the legitimate port range comprises negotiating with the computing device to select the one or more ports for inclusion in the legitimate port range.
13. A system comprising:
at least one computing device including a processor and comprising:
a detection facility circuitry configured to identify a range of ports left open by a firewall for a network element to receive, by way of the firewall, network traffic provided by a computing device; and
a port management facility circuitry communicatively coupled to the detection facility circuitry and configured to designate a subset of one or more ports included in the range of open ports as being included in a legitimate port range configured to receive, by way of the firewall, legitimate network traffic provided by the computing device, remove, after a predetermined amount of time subsequent to the subset of one or more ports being designated as being included in the legitimate port range, the subset of one or more ports from being included in the legitimate port range, designate a new subset of one or more ports included in the range of open ports as being included in the legitimate port range, wherein the new subset of one or more ports includes at least one port not included in the subset of one or more ports, and direct the network element to drop network traffic provided by the computing device and received by each port included in the range of open ports that is not included in the legitimate port range at a time that the network traffic is received,
wherein the port management facility circuitry designates the subset of one or more ports as being included in the legitimate port range and designates the new subset of one or more ports as being included in the legitimate port range by negotiating with the computing device to select the one or more ports for inclusion in the legitimate port range.
(Dependent claims: 14 and 15)
16. A non-transitory computer-readable medium comprising computer-executable instructions configured to direct at least one computing device to:
identify a range of ports left open by a firewall for a network element to receive, by way of the firewall, network traffic provided by a computing device;
designate a subset of one or more ports included in the range of open ports as being included in a legitimate port range configured to receive, by way of the firewall, legitimate network traffic provided by the computing device;
remove, after a predetermined amount of time subsequent to the subset of one or more ports being designated as being included in the legitimate port range, the subset of one or more ports from being included in the legitimate port range;
designate a new subset of one or more ports included in the range of open ports as being included in the legitimate port range, wherein the new subset of one or more ports includes at least one port not included in the subset of one or more ports; and
direct the network element to drop network traffic provided by the computing device and received by each port included in the range of open ports that is not included in the legitimate port range at a time that the network traffic is received,
wherein the designation of the subset of one or more ports as being included in the legitimate port range and the designation of the new subset of one or more ports as being included in the legitimate port range each comprises negotiating with the computing device to select the one or more ports for inclusion in the legitimate port range.
17. A non-transitory computer-readable medium comprising computer-executable instructions configured to direct at least one computing device to:
identify a range of ports left open by a firewall for a network element to receive, by way of the firewall, network traffic provided by a computing device;
periodically designate, over a period of time, a plurality of different subsets of one or more ports included in the range of open ports as being included in a legitimate port range configured to receive, by way of the firewall, legitimate network traffic provided by the computing device in accordance with a randomized port selection heuristic, wherein only one subset of one or more ports included in the plurality of subsets of one or more ports is included in the legitimate port range at any given time; and
direct the network element to drop network traffic provided by the computing device and received by each port included in the range of open ports that is not included in the legitimate port range at a time that the network traffic is received;
wherein the periodic designation comprises designating a first subset of one or more ports included in the plurality of subsets of one or more ports as being included in the legitimate port range for a first predetermined amount of time, removing, in response to a completion of the first predetermined amount of time, the first subset of one or more ports from the legitimate port range, and designating, in response to the removing, a second subset of one or more ports included in the plurality of subsets of one or more ports as being included in the legitimate port range for a second predetermined amount of time, wherein the second subset of one or more ports includes at least one port not included in the first subset of one or more ports; and
wherein the periodic designation of the plurality of different subsets of one or more ports as being included in the legitimate port range comprises negotiating with the computing device to select the one or more ports for inclusion in the legitimate port range.
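Claims 1 and 12 (and their medium and system counterparts 13, 16 and 17) describe one mechanism in two forms: of the ports the firewall leaves open, only a designated subset is the legitimate port range at any time; after a predetermined period that subset is removed and replaced by one chosen under a randomized heuristic that differs in at least one port; the selection is negotiated with the computing device; and the network element drops traffic arriving on any open port outside the legitimate range as of the moment of receipt. The Python simulation below is an added example written for this page, not code from the patent or its assignee. It assumes a trivial negotiation in which the device simply accepts the proposed subset, uses an integer logical clock instead of wall-clock time, and the port range, the attacker behaviour and the random seeds are all constructed.

```python
import random
from dataclasses import dataclass

# Constructed values: the firewall leaves this range open for the network element.
OPEN_PORTS = list(range(40000, 40008))
SUBSET_SIZE = 2   # ports in each legitimate subset
PERIOD = 3        # logical-clock ticks a subset stays in the legitimate port range


@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int


class ComputingDevice:
    """Hypothetical legitimate peer (an assumption, not defined by the patent).
    It accepts whatever subset the mitigation system proposes and sends only to
    ports it has agreed to."""

    def __init__(self, name, rng):
        self.name = name
        self.rng = rng
        self.agreed_ports = []

    def negotiate(self, proposed):
        # Minimal negotiation: accept the proposal unchanged and remember it.
        self.agreed_ports = sorted(proposed)
        return set(self.agreed_ports)

    def send(self):
        return Packet(self.name, self.rng.choice(self.agreed_ports))


class AttackTrafficMitigationSystem:
    def __init__(self, open_ports, subset_size, period, rng):
        self.open_ports = set(open_ports)
        self.subset_size = subset_size
        self.period = period
        self.rng = rng
        self.legitimate = set()     # the current legitimate port range
        self.designated_at = None   # tick at which the current subset was designated
        self.history = []           # every subset designated so far

    def _pick_subset(self, previous):
        # Randomized port selection heuristic. The new subset must contain at least
        # one port that was not in the previous subset, as claims 1 and 12 require.
        candidates = sorted(self.open_ports)
        while True:
            subset = set(self.rng.sample(candidates, self.subset_size))
            if not previous or subset - previous:
                return subset

    def designate(self, device, now):
        # Remove the old subset from the legitimate range, then negotiate a new one
        # with the device, so only one subset is legitimate at any given time.
        previous = self.legitimate
        self.legitimate = set()
        self.legitimate = device.negotiate(self._pick_subset(previous))
        self.designated_at = now
        self.history.append(tuple(sorted(self.legitimate)))

    def tick(self, device, now):
        # Designate the first subset, then rotate once the predetermined period elapses.
        if self.designated_at is None or now - self.designated_at >= self.period:
            self.designate(device, now)

    def decide(self, packet):
        """Action the network element is directed to take when the packet arrives.
        Only traffic to the open range reaches the element; anything else was
        already blocked by the firewall, so it is an error to ask about it here."""
        if packet.dst_port not in self.open_ports:
            raise ValueError("port %d is not in the range left open by the firewall"
                             % packet.dst_port)
        return "accept" if packet.dst_port in self.legitimate else "drop"


def simulate(ticks=9, seed=7):
    """Run the rotation for a number of ticks against one legitimate client and a
    constructed attacker that sprays every open port on every tick."""
    rng = random.Random(seed)
    device = ComputingDevice("client", random.Random(seed + 1))
    atms = AttackTrafficMitigationSystem(OPEN_PORTS, SUBSET_SIZE, PERIOD, rng)
    stats = {"client_accept": 0, "client_drop": 0,
             "attacker_accept": 0, "attacker_drop": 0}
    for now in range(ticks):
        atms.tick(device, now)
        stats["client_" + atms.decide(device.send())] += 1
        for port in OPEN_PORTS:
            stats["attacker_" + atms.decide(Packet("attacker", port))] += 1
    stats["subsets"] = atms.history
    return stats


if __name__ == "__main__":
    print(simulate())
```

With the constructed parameters the client learns each new subset through the negotiation step before the rotation takes effect, so none of its packets are dropped, while the attacker spraying all eight open ports gets through only on the two ports that are legitimate at that tick and is dropped on the other six. The claims say nothing about how the negotiation exchange is protected; the simulation assumes that channel is trustworthy, and a deployment would have to secure it separately, because the mitigation only holds while the current legitimate subset stays unknown to the source of the attack traffic.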