Overlay network for tracking denial-of-service floods in unreliable datagram delivery networks
Abstract
An approach for tracking denial-of-service (DoS) flood attacks using an overlay IP (Internet Protocol) network is disclosed. One or more tracking routers form an overlay tracking network over the network of an Internet Service Provider (ISP). The ISP network includes numerous transit routers and edge routers. The tracking routers communicate directly with all the edge routers using IP tunnels. The edge routers within the ISP network perform security diagnostic functions, in part, to identify a DoS flood attack that has been launched by one or more attackers. To track down an attacker, an egress edge router identifies the DoS flood attack datagrams, rerouting these datagrams to the overlay tracking network. The tracking routers perform hop-by-hop input debugging to identify the ingress edge router associated with the source of the DoS flood attack.
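The hop-by-hop input debugging described in the abstract can be sketched as follows; this is an added example, not part of the patent text. The router and tunnel names, the victim address, the datagram counts, and the `min_share` cutoff used to ignore low-volume inputs are all constructed assumptions.

```python
from collections import Counter

# Constructed topology: tracking router -> {input tunnel: previous-hop router}.
OVERLAY = {
    "track1": {"tun-a": "edgeA", "tun-b": "edgeB", "tun-t2": "track2"},
    "track2": {"tun-c": "edgeC", "tun-d": "edgeD"},
}

VICTIM = "192.0.2.10"  # constructed victim address (documentation range)

def make_samples():
    """Constructed datagram sightings: (tracking router, input tunnel, dst)."""
    s = [("track2", "tun-c", VICTIM)] * 900      # flood entering at edgeC
    s += [("track1", "tun-t2", VICTIM)] * 900    # same flood, one hop later
    s += [("track1", "tun-b", VICTIM)] * 400     # second attacker behind edgeB
    s += [("track1", "tun-a", VICTIM)] * 3       # legitimate traffic to victim
    s += [("track2", "tun-d", "198.51.100.7")] * 50  # unrelated traffic
    return s

def input_debug(router, victim, samples):
    """Count victim-bound datagrams per input tunnel on one tracking router."""
    return Counter(t for r, t, dst in samples if r == router and dst == victim)

def trace_ingress(start, victim, samples, min_share=0.1):
    """Walk back from `start` and return {ingress edge router: datagram count}."""
    found, stack, seen = {}, [start], set()
    while stack:
        router = stack.pop()
        if router in seen:          # guard against a misconfigured tunnel loop
            continue
        seen.add(router)
        counts = input_debug(router, victim, samples)
        total = sum(counts.values())
        for tunnel, n in counts.items():
            if n < min_share * total:   # assumed cutoff: skip low-volume inputs
                continue
            prev = OVERLAY[router][tunnel]
            if prev in OVERLAY:         # previous hop is another tracking router
                stack.append(prev)
            else:                       # previous hop is an edge router: ingress
                found[prev] = found.get(prev, 0) + n
    return found

if __name__ == "__main__":
    print(trace_ingress("track1", VICTIM, make_samples()))
```

Starting at the tracking router adjacent to the egress edge router, the walk reports every ingress edge router that contributes a significant share of the flood, which covers the case of more than one attacker.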
29 Claims
1. A method for tracking denial-of-service floods, the method comprising:
- rerouting a DoS flood attack datagram to a tracking router, wherein the tracking router forms an overlay tracking network with respect to an egress edge router; and
- identifying, by the tracking router, an ingress edge router that forwarded the DoS flood attack datagram.
14. A communication system for tracking denial-of-service (DoS) floods, the communication system comprising:
- a plurality of edge routers including an ingress edge router and an egress edge router, each of the edge routers being configured to perform security diagnostic functions, in part, to identify a DoS flood attack datagram, wherein the ingress edge router is associated with a source of the DoS flood attack datagram; and
- a tracking router adjacent to the egress edge router, the tracking router being configured to perform the security diagnostic functions, the ingress edge router rerouting the DoS flood attack datagram to the tracking router as to permit identification of the ingress edge router, wherein the tracking router forms an overlay tracking network with respect to the plurality of edge routers.
28. A computer-readable medium carrying one or more sequences of one or more instructions for tracking denial-of-service floods (DoS), the one or more sequences of one or more instructions including instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of:
- receiving a DoS flood attack datagram on an overlay network formed by a tracking router;
- identifying the DoS flood attack datagram; and
- identifying, by the tracking router, a previous hop router associated with the DoS flood attack datagram to determine an ingress adjacency associated with the DoS flood attack.
Specification