Distributed denial of service cellular signaling

US 9,900,343 B1
Filed: 01/05/2015
Issued: 02/20/2018
Est. Priority Date: 01/05/2015
Status: Active Grant

First Claim

Patent Images

1. A method for providing a mobile signaling channel during a Distributed Denial of Service (DDoS) attack on a network machine or a network resource, the method comprising:

determining, by a processor, whether a capacity of a primary signaling channel associated with a DDoS device protecting upstream data communications in a communication network serving the network machine or the network resource is below a predetermined threshold capacity, wherein the predetermined threshold capacity is measured in data packets per unit of time or throughput;

based on a determination that the capacity of the primary signaling channel associated with the DDoS device is below the predetermined threshold capacity, determining, by the processor, that the DDoS device is unavailable to signal, via the primary signaling channel, that a DDoS attack directed to the network machine or the network resource is in progress;

based on unavailability of the DDoS device to signal the DDoS attack via the primary signaling channel, activating, by the processor, a secondary signaling channel for the DDoS device, the secondary signaling channel being a mobile signaling channel provided using a mobile device communicatively coupled to the DDoS device;

sending, by the mobile device, notification of the DDoS attack to a Threat Protection System (TPS) via the secondary signaling channel; and

in response to the sending of the notification, triggering, by the Threat Protection System, at least one DDoS protective measure, wherein the at least one DDoS protective measure includes at least one of passing data packets addressed to one of an attacked network machine and an attacked network resource through traffic filters, dropping a malicious data packet, resetting a connection, blocking a data packet received from an offending Internet Protocol address, and unfragmenting data packet streams.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are methods and systems for providing a mobile signaling channel during a distributed denial of service (DDoS) attack. An example method for providing a mobile signaling channel during a DDoS attack may include communicatively coupling a mobile device to a DDoS device protecting upstream data communications during the DDoS attack. The mobile device may be operable to signal the DDoS attack via the mobile signaling channel. Furthermore, the method may include determining that a capacity of a primary signaling channel associated with the DDoS device is below a predetermined threshold capacity. The method may further include activating signaling of the DDoS attack by the mobile device via the mobile signaling channel. The activation may be performed based on the determination that the capacity of the primary signaling channel associated with the DDoS device is below the predetermined threshold capacity.

200 Citations

16 Claims

1. A method for providing a mobile signaling channel during a Distributed Denial of Service (DDoS) attack on a network machine or a network resource, the method comprising:
- determining, by a processor, whether a capacity of a primary signaling channel associated with a DDoS device protecting upstream data communications in a communication network serving the network machine or the network resource is below a predetermined threshold capacity, wherein the predetermined threshold capacity is measured in data packets per unit of time or throughput;
  
  based on a determination that the capacity of the primary signaling channel associated with the DDoS device is below the predetermined threshold capacity, determining, by the processor, that the DDoS device is unavailable to signal, via the primary signaling channel, that a DDoS attack directed to the network machine or the network resource is in progress;
  
  based on unavailability of the DDoS device to signal the DDoS attack via the primary signaling channel, activating, by the processor, a secondary signaling channel for the DDoS device, the secondary signaling channel being a mobile signaling channel provided using a mobile device communicatively coupled to the DDoS device;
  
  sending, by the mobile device, notification of the DDoS attack to a Threat Protection System (TPS) via the secondary signaling channel; and
  
  in response to the sending of the notification, triggering, by the Threat Protection System, at least one DDoS protective measure, wherein the at least one DDoS protective measure includes at least one of passing data packets addressed to one of an attacked network machine and an attacked network resource through traffic filters, dropping a malicious data packet, resetting a connection, blocking a data packet received from an offending Internet Protocol address, and unfragmenting data packet streams.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the mobile device is communicatively coupled to the DDoS device through at least one of the following:
    - a wireless connection, a Universal Serial Bus (USB) connection, and a Peripheral Component Interconnect (PCI) connection.
  - 3. The method of claim 1, wherein the sending notification of the DDoS attack to the Threat Protection System is via the primary signaling channel.
  - 4. The method of claim 1, wherein the sending notification of the DDoS attack via the mobile signaling channel is in tandem with a primary sending notification of the DDoS attack via the primary signaling channel.
  - 5. The method of claim 1, wherein the sending notification indicates to the Threat Protection System (TPS) that the DDoS attack is in progress.
  - 6. The method of claim 5, wherein the TPS includes customer premise equipment installed at a customer site.
  - 7. The method of claim 5, wherein the TPS includes a cloud-based system.
  - 8. The method of claim 1, wherein the mobile signaling channel includes at least one of the following:
    - a cellular communication channel and a satellite communication channel.

9. A system for providing a mobile signaling channel during a Distributed Denial of Service (DDoS) attack on a network machine or a network resource, the system comprising:
- a hardware processor; and
  
  a memory communicatively coupled to the processor;
  
  the memory storing instructions executable by the processor to;
  
  determine whether a capacity of a primary signaling channel associated with a DDoS device protecting upstream data communications in a communication network serving the network machine or the network resource is below a predetermined threshold capacity, wherein the predetermined threshold capacity is measured in data packets per unit of time or throughput;
  
  based on a determination that the capacity of the primary signaling channel associated with the DDoS device is below the predetermined threshold capacity, determining that the DDoS device is unavailable to signal, via the primary signaling channel, that a DDoS attack directed to the network machine or the network resource is in progress;
  
  based on unavailability of the DDoS device to signal the DDoS attack via the primary signaling channel, activate a secondary signaling channel for the DDoS device, the secondary signaling channel being a mobile signaling channel provided using a mobile device communicatively coupled to the DDoS device;
  
  send notification of the DDoS attack to a Threat Protection System (TPS) via the secondary signaling channel; and
  
  in response to the sending of the notification, trigger, by the Threat Protection System, at least one DDoS protective measure, wherein the at least one DDoS protective measure includes at least one of passing data packets addressed to one of an attacked network machine and an attacked network resource through traffic filters, dropping a malicious data packet, resetting a connection, blocking a data packet received from an offending Internet Protocol address, and unfragmenting data packet streams.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the mobile device is communicatively coupled to the DDoS device through at least one of the following:
    - a wireless connection, a USB connection, and a PCI connection.
  - 11. The system of claim 9, wherein the sending notification of the DDoS attack via the mobile signaling channel is in tandem with a primary signaling of the DDoS attack via the primary signaling channel.
  - 12. The system of claim 9, wherein the sending notification indicates to the Threat Protection System (TPS) that the DDoS attack is in progress.
  - 13. The system of claim 12, wherein the TPS includes customer premise equipment installed at a customer site.
  - 14. The system of claim 12, wherein the TPS includes a cloud-based system.
  - 15. The system of claim 9, wherein the mobile signaling channel includes one or more of the following:
    - a cellular communication channel and a satellite communication channel.

16. A non-transitory processor-readable medium having embodied thereon a program being executable by at least one processor to perform a method for providing a mobile signaling channel during a Distributed Denial of Service (DDoS) attack on a network machine or a network resource, the method comprising:
- determining, by a processor, whether a capacity of a primary signaling channel associated with a DDoS device protecting upstream data communications in a communication network serving the network machine or the network resource is below a predetermined threshold capacity, wherein the predetermined threshold capacity is measured in data packets per unit of time or throughput;
  
  based on a determination that the capacity of the primary signaling channel associated with the DDoS device is below the predetermined threshold capacity, determining, by the processor, that the DDoS device is unavailable to signal, via the primary signaling channel, that a DDoS attack directed to the network machine or the network resource is in progressbased on unavailability of the DDoS device to signal the DDoS attack via the primary signaling channel, activating, by the processor, a secondary signaling channel for the DDoS device, the secondary signaling channel being a mobile signaling channel provided using a mobile device communicatively coupled to the DDoS device;
  
  sending, by the mobile device, notification of the DDoS attack to a threat protection system via the secondary signaling channel; and
  
  in response to the sending of the notification, triggering, by the Threat Protection System, at least one DDoS protective measure, wherein the at least one DDoS protective measure includes at least one of passing data packets addressed to one of an attacked network machine and an attacked network resource through traffic filters, dropping a malicious data packet, resetting a connection, blocking a data packet received from an offending Internet Protocol address, and unfragmenting data packet streams.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
A10 Networks Incorporated
Original Assignee
A10 Networks Incorporated
Inventors
Friedel, Michael
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Le, Canh

Application Number

US14/589,828
Time in Patent Office

1,142 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0236 Filtering by address, proto...

H04L 63/1458 Denial of Service

Distributed denial of service cellular signaling

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

200 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed denial of service cellular signaling

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

200 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links