Mitigating network attacks
Abstract
Systems and methods are described that enable the mitigation of network attacks directed to specific sets of content on a content delivery system. A set of content targeted in the attack may be identified based at least in part on a combination of network addresses to which attack-related packets are transmitted. Thereafter, the content delivery system may mitigate the attack based on the identified target. For example, where both targeted and non-targeted sets of content are associated with the attacked network addresses, traffic directed to these sets of content may be separated, e.g., in order to reduce the impact of the attack on the non-targeted sets of content or increase the computing resources available to the targeted content. Redirection of traffic may occur using either or both of resolution-based redirection or routing-based redirection.
20 Claims
1. A content delivery system comprising:
a point of presence (“POP”) comprising a plurality of computing devices, the point of presence configured to retrieve content requests and transmit, in response to the content requests, a plurality of sets of content;
a domain name system (“DNS”) server comprising one or more processors configured with specific computer-executable instructions to retrieve requests for network addresses of individual sets of content on the content delivery system, and to respond to the requests with network addresses identifying computing devices from the POP at which the individual sets of content may be accessed; and
one or more computing devices implementing an attack mitigation service, the one or more computing devices configured with specific computer-executable instructions to:
detect a network attack on the POP, wherein the network attack is directed to a combination of network addresses, including at least two different network addresses, utilized by the POP;
identify, based at least in part on the combination of network addresses, a first set of content, from the plurality of sets of content, as a target of the network attack;
identify, based at least in part on the combination of network addresses, a second set of content, from the plurality of sets of content, as not targeted by the network attack, wherein the second set of content is made available at at least one network address of the combination of network addresses; and
segregate traffic associated with the first and second sets of content at least partly by transmitting instructions to the DNS server to provide, in response to requests to resolve an identifier of the first set of content, network addresses associated with a second POP of the content delivery system.
(Dependent claims: 2, 3, 4, 5, 6)
7. A computer-implemented method comprising:
detecting a network attack on one or more computing devices of a content delivery system, wherein the network attack is directed to a combination of network addresses, including at least two different network addresses, utilized by the one or more computing devices, and wherein the one or more computing devices provide access to a plurality of sets of content;
identifying a first set of content, from the plurality of sets of content, as a target of the network attack based at least partly on the combination of network addresses to which the attack is directed;
identifying, based at least in part on the combination of network addresses, a second set of content, from the plurality of sets of content, as not targeted by the network attack, wherein the second set of content is made available at at least one network address of the combination of network addresses; and
mitigating the network attack based at least in part on segregating traffic associated with the first and second sets of content, wherein segregating the traffic comprises transmitting instructions to a resolution server of the content delivery system to provide, in response to requests to resolve an identifier of the first set of content, a second combination of network addresses associated with one or more alternative computing devices on the content delivery system.
(Dependent claims: 8, 9, 10, 11, 12)
13. Non-transitory computer-readable media comprising computer-executable instructions that, when executed by a computing system, cause the computing system to:
detect a network attack on a content delivery system, wherein the network attack is directed to a combination of addressing information sets, including at least two different addressing information sets, utilized by one or more computing devices of the content delivery system, and wherein the one or more computing devices provide access to a plurality of sets of content;
identify a first set of content, from the plurality of sets of content, as a target of the network attack based at least partly on the combination of addressing information sets to which the attack is directed;
identify, based at least in part on the combination of addressing information sets, a second set of content, from the plurality of sets of content, as not targeted by the network attack, wherein the second set of content is made available at at least one network address of the combination of network addresses;
receive a request from an accessing computing device to resolve an identifier of the first set of content;
based at least partly on identifying the first set of content as the target of the network attack, determine a second combination of addressing information sets to include within a response to the request, wherein the combination of addressing information sets are associated with one or more alternative computing devices on the content delivery system; and
transmit the second combination of network addresses to the accessing computing device in response to the request.
(Dependent claims: 14, 15, 16, 17, 18, 19, 20)
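As an added worked example, not code from the patent or its assignee: the target-identification and DNS-segregation steps described in the abstract and in claims 1, 7 and 13, carried out over a constructed two-POP address map. The POP names, content identifiers and addresses are constructed, and the Jaccard overlap used to rank candidate targets is an assumed concrete rule for the claims' "based at least in part on the combination of network addresses", which they leave unspecified.

```python
# Added example (not the patent's or its assignee's code): the target-identification
# and DNS-segregation steps of the abstract and claims 1, 7 and 13. POP names, content
# identifiers and addresses are constructed; Jaccard scoring is an assumed concrete rule.
# Constructed address maps; within a POP one address can serve several sets of content.
POPS = {
    "pop-a": {
        "shop.example": {"198.51.100.10", "198.51.100.11", "198.51.100.12"},
        "news.example": {"198.51.100.11", "198.51.100.13"},
        "blog.example": {"198.51.100.12", "198.51.100.14"},
    },
    "pop-b": {
        "shop.example": {"203.0.113.10", "203.0.113.11"},
        "news.example": {"203.0.113.12"},
        "blog.example": {"203.0.113.13"},
    },
}


def identify_target(pop, attacked):
    """Score each set of content by how closely its addresses match the attacked
    combination (Jaccard overlap). The best match is the target; every other set
    that shares an attacked address is non-targeted content to segregate from it."""
    attacked = set(attacked)
    if len(attacked) < 2:
        raise ValueError("the claims require a combination of at least two addresses")
    scores = {c: len(a & attacked) / len(a | attacked) for c, a in POPS[pop].items()}
    target = max(scores, key=scores.get)
    collateral = sorted(c for c, a in POPS[pop].items() if c != target and a & attacked)
    return target, collateral


def dns_redirect_plan(pop, target, alternative_pop):
    """Instructions for the DNS server: resolve the target's identifier to the
    alternative POP's addresses; non-targeted content keeps the attacked POP's."""
    plan = {c: sorted(a) for c, a in POPS[pop].items()}
    plan[target] = sorted(POPS[alternative_pop][target])
    return plan


def mitigate(pop, attacked, alternative_pop):
    """Detection (the claims' first step) is assumed to have yielded the attacked combination."""
    target, collateral = identify_target(pop, attacked)
    return target, collateral, dns_redirect_plan(pop, target, alternative_pop)


if __name__ == "__main__":
    t, c, plan = mitigate("pop-a", ["198.51.100.10", "198.51.100.11", "198.51.100.12"], "pop-b")
    print("target:", t, "non-targeted:", c)
    for ident, addrs in plan.items():
        print(ident, "->", ", ".join(addrs))
```

With the constructed attack on three of pop-a's addresses, shop.example scores 1.0 and is moved to pop-b, while news.example and blog.example, which each share one attacked address, keep their pop-a answers.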