METHOD AND SYSTEM FOR MITIGATION OF DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS
Abstract
A system and method for mitigating the effects of malicious internet traffic, including DDOS attacks, by utilizing a DNS Traffic Analyzer and Firewall to analyze network traffic intended for a DNS server and preventing some network traffic from accessing the DNS server.
122 Citations
14 Claims
1. A system for mitigating malicious network traffic, comprising:
a protected server within a domain;
at least one Authoritative Domain Name System (DNS) server of the domain;
at least one DNS Traffic Analyzer and Firewall (DTAF), wherein network traffic must pass through the DTAF Firewall(s) before accessing the Authoritative DNS server(s), and wherein the DTAF Firewall(s) analyzes the network traffic attempting to pass through the DTAF Firewall; and
a Central Master DTAF, wherein the DTAF Firewall(s) send network traffic data to the Central Master DTAF, and wherein the Central Master DTAF sends at least one access control list to the DTAF Firewall(s).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method for mitigating malicious network traffic, comprising the following steps:
analyzing network traffic intended for at least one Authoritative Domain Name System (DNS) server;
generating network traffic data;
sending the network traffic data to a central system;
receiving an access control list from the central system; and
updating firewall parameters based upon the received access control list.
Dependent claims: 13
12. The method of claim 12, further comprising the following steps:
determining a particular DNS server utilized by suspicious network traffic;
including DNS server data in the network traffic data; and
including DNS server information in the access control list.
14. The method of claim 14, further comprising the following steps:
rotating the Authoritative DNS servers on a regular basis.
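Added example, not part of the patent text: a small Python simulation of the loop in method claim 11 (analyze, report to a central system, receive an access control list, update the firewall), with DNS server data carried in the reports and the list as in the dependent method claim. The threshold, the class and function names, and the reading of "DNS server data" as the Authoritative server that received the queries are assumptions; addresses and server names are constructed.

```python
from collections import Counter, defaultdict

THRESHOLD = 100  # assumed: queries per reporting window before a source is listed


class CentralMaster:  # merges traffic data from every DTAF, issues one list
    def __init__(self):
        self.counts = Counter()  # (source, dns_server) -> queries in this window

    def receive(self, traffic_data):
        self.counts.update(traffic_data)

    def build_acl(self):
        total, servers = Counter(), defaultdict(set)
        for (src, server), n in self.counts.items():
            total[src] += n
            servers[src].add(server)
        # ACL entry: blocked source -> DNS servers its traffic used
        return {s: sorted(servers[s]) for s, n in total.items() if n >= THRESHOLD}


class DTAF:  # firewall in front of one Authoritative DNS server
    def __init__(self, dns_server):
        self.dns_server, self.seen, self.blocked = dns_server, Counter(), set()

    def handle_query(self, src):
        if src in self.blocked:
            return False  # dropped before reaching the DNS server
        self.seen[(src, self.dns_server)] += 1
        return True

    def report(self):
        data, self.seen = dict(self.seen), Counter()
        return data

    def apply_acl(self, acl):
        self.blocked = set(acl)  # update firewall parameters from the list


def run_demo():
    # Constructed traffic: one noisy source spread across two firewalls.
    master, fws = CentralMaster(), [DTAF("ns1.example"), DTAF("ns2.example")]
    for fw in fws:
        for _ in range(60):
            fw.handle_query("198.51.100.7")
        fw.handle_query("192.0.2.10")
        master.receive(fw.report())
    acl = master.build_acl()
    for fw in fws:
        fw.apply_acl(acl)
    return acl, [fw.handle_query("198.51.100.7") for fw in fws], fws[0].handle_query("192.0.2.10")
```

In the constructed run each firewall sees only 60 queries from the noisy source, below the assumed threshold, so the source is listed only because the central system adds the two reports together.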
Specification