Health monitor based distributed denial of service attack mitigation
First Claim
Patent Images
1. A method implemented by at least one hardware processor for mitigating a distributed denial of service (DDoS) event comprising:
- sending a request to a health monitor regarding a state of a first computing system, the health monitor comprising a second computing system, the health monitor determining presence of network data traffic through a collapsible virtual data circuit that normally conveys the network data traffic and collapses in response to a DDoS event by stopping flow of the network data traffic;
ascertaining the health monitor has failed, the failure being evidenced by the lack of a response to the request;
determining there is an interruption of the network data traffic due to a collapse of the collapsible virtual data circuit using the ascertained failure;
attributing the interruption of the network data traffic due to the collapse of the collapsible virtual data circuit to a DDoS event;
triggering redirection of the network data traffic to a DDoS mitigation service, the DDoS mitigation service comprising a third computing system;
sending a further request to the health monitor regarding the presence of the network data traffic in the collapsible virtual data circuit;
in response to the further request sent to the health monitor, receiving an indication from the health monitor of the presence of the network data traffic in the collapsible virtual data circuit, the presence of the network data traffic in the collapsible virtual data circuit being attributed to a successful mitigation of the DDoS event; and
triggering direction of the network data traffic back to the collapsible virtual data circuit.
2 Assignments
0 Petitions
Accused Products
Abstract
Provided are methods and systems for mitigating a DDoS event. The method may comprise receiving an indication of a collapse of a collapsible virtual data circuit associated with network data traffic. In response to the received indication of the collapse, the collapse may be attributed to the DDoS event. Furthermore, the method may comprise redirecting the network data traffic to one or more DDoS mitigation services. The method may further comprise mitigating the DDoS event by the one or more DDoS mitigation services.
195 Citations
16 Claims
-
1. A method implemented by at least one hardware processor for mitigating a distributed denial of service (DDoS) event comprising:
-
sending a request to a health monitor regarding a state of a first computing system, the health monitor comprising a second computing system, the health monitor determining presence of network data traffic through a collapsible virtual data circuit that normally conveys the network data traffic and collapses in response to a DDoS event by stopping flow of the network data traffic; ascertaining the health monitor has failed, the failure being evidenced by the lack of a response to the request; determining there is an interruption of the network data traffic due to a collapse of the collapsible virtual data circuit using the ascertained failure; attributing the interruption of the network data traffic due to the collapse of the collapsible virtual data circuit to a DDoS event; triggering redirection of the network data traffic to a DDoS mitigation service, the DDoS mitigation service comprising a third computing system; sending a further request to the health monitor regarding the presence of the network data traffic in the collapsible virtual data circuit; in response to the further request sent to the health monitor, receiving an indication from the health monitor of the presence of the network data traffic in the collapsible virtual data circuit, the presence of the network data traffic in the collapsible virtual data circuit being attributed to a successful mitigation of the DDoS event; and triggering direction of the network data traffic back to the collapsible virtual data circuit. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system for mitigating a DDoS event comprising:
-
a hardware processor; and a memory coupled to the hardware processor, the memory storing instructions executable by the hardware processor to perform a method comprising; sending a request to a health monitor regarding a state of a first computing system, the health monitor comprising a second computing system, the health monitor determining presence of network data traffic through a collapsible virtual data circuit that normally conveys the network data traffic and collapses in response to a DDoS event by stopping flow of the network data traffic; ascertaining the health monitor has failed, the failure being evidenced by the lack of a response to the request; determining there is an interruption of the network data traffic due to a collapse of the collapsible virtual data circuit using the ascertained failure; redirects the network data traffic to one or more DDoS mitigation services; attributing the interruption of the network data traffic due to the collapse of the collapsible virtual data circuit to a DDoS event; triggering redirection of the network data traffic to a DDoS mitigation service, the DDoS mitigation service comprising a third computing system; sending a further request to the health monitor regarding the presence of the network data traffic in the collapsible virtual data circuit; in response to the further request sent to the health monitor, receiving an indication form the health monitor of the presence of the network data traffic in the collapsible virtual data circuit, the presence of the network data traffic in the collapsible virtual data circuit being attributed to a successful mitigation of the DDoS event; and triggering direction of the network data traffic back to the collapsible virtual data circuit. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A non-transitory computer-readable storage medium having embodied thereon a program, the program being executable by at least one processor to perform a method comprising:
-
sending a request to a health monitor regarding a state of a first computing system, the health monitor comprising a second computing system, the health monitor determining presence of network data traffic through a collapsible virtual data circuit that normally conveys the network data traffic and collapses in response to a DDoS event by stopping flow of the network data traffic; ascertaining the health monitor has failed using, the failure being evidenced by the lack of a response to the request; determining there is an interruption of the network data traffic due to a collapse of the collapsible virtual data circuit using the ascertained failure; attributing the interruption of the network data traffic due to the collapse of the collapsible virtual data circuit to a DDoS event; triggering redirection of the network data traffic to a DDoS mitigation service, the DDoS mitigation service comprising a third computing system; sending a further request to the health monitor regarding the presence of the network data traffic in the collapsible virtual data circuit; in response to the further request sent to the health monitor, receiving an indication from the health monitor of the presence of the network data traffic in the collapsible virtual data circuit, the presence of the network data traffic in the collapsible virtual data circuit being attributed to a successful mitigation of the DDoS event; and triggering direction of the network data traffic back to the collapsible virtual data circuit.
-
Specification