Mitigating network attacks
First Claim
1. A content delivery system comprising:
- a first point of presence ("POP") comprising a first plurality of computing devices, the first POP configured to retrieve and respond to client requests for a plurality of sets of content;
- a second POP comprising a second plurality of computing devices, the second POP configured to retrieve and respond to client requests for the plurality of sets of content; and
- one or more computing devices implementing an attack mitigation service, the one or more computing devices configured with specific computer-executable instructions to:
  - detect a network attack on the first POP, wherein the network attack is directed to a combination of network addresses utilized by the first POP;
  - identify, based at least in part on the combination of network addresses, a first set of content, from the plurality of sets of content, as a target of the network attack;
  - identify, based at least in part on the combination of network addresses, a second set of content, from the plurality of sets of content, as not targeted by the network attack, wherein the second set of content is made available at at least one network address of the combination of network addresses;
  - disassociate the second set of content from the at least one network address; and
  - modify routing of network transmissions to the first set of content based at least partly on transmitting instructions to the first POP to withdraw its association with the combination of network addresses and transmitting instructions to the second POP to generate an association between the second POP and the combination of network addresses.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
Abstract
Systems and methods are described that enable the mitigation of network attacks directed to specific sets of content on a content delivery system. The set of content targeted by the attack may be identified based at least in part on the combination of network addresses to which attack-related packets are transmitted. Thereafter, the content delivery system may mitigate the attack based on the identified target. For example, where both targeted and non-targeted sets of content are associated with the attacked network addresses, traffic directed to these sets of content may be separated, e.g., in order to reduce the impact of the attack on the non-targeted sets of content or to increase the computing resources available to the targeted content. Redirection of traffic may use resolution-based redirection, routing-based redirection, or both.
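To make the sequence in the abstract concrete, here is an added Python simulation of the attack mitigation service. This is example code written for this page, not the patent's or its assignee's implementation. The content names, addresses, spare-address pool, packet counts and the threshold-based detection rule are all constructed, and the rule used to pick the target (the content set whose entire address combination lies inside the attacked combination) is one assumed reading of "based at least in part on the combination of network addresses". The two mitigation steps follow the claims: non-targeted content sharing an attacked address is disassociated from it (resolution-based redirection), and the attacked combination is withdrawn from the first POP and announced at the second (routing-based redirection).

```python
from dataclasses import dataclass, field


@dataclass
class Pop:
    """A point of presence and the set of addresses it currently announces."""
    name: str
    announced: set = field(default_factory=set)


@dataclass
class MitigationPlan:
    target: str           # content set identified as the target of the attack
    reassigned: dict      # non-targeted content -> {attacked address: replacement address}
    withdrawn_from: str   # POP instructed to withdraw the attacked addresses
    announced_at: str     # POP instructed to announce them instead
    addresses: frozenset  # the attacked combination of addresses


def detect_attack(packets_per_address, baseline_per_address, factor=10):
    """Constructed detection rule: an address is under attack when its packet
    count exceeds `factor` times its baseline. Returns the attacked combination."""
    return frozenset(
        addr for addr, count in packets_per_address.items()
        if count > factor * baseline_per_address.get(addr, 1)
    )


class AttackMitigationService:
    """Hypothetical service: identifies the targeted content from the attacked
    address combination, separates non-targeted content from those addresses,
    and moves the addresses from the first POP to the second."""

    def __init__(self, content_addresses, first_pop, second_pop, spare_addresses):
        self.content_addresses = {c: set(a) for c, a in content_addresses.items()}
        self.first_pop = first_pop
        self.second_pop = second_pop
        self.spare = list(spare_addresses)  # unused addresses routable at the first POP

    def identify_target(self, attacked):
        """Assumed rule: the target is the content set whose entire address
        combination lies inside the attacked combination (largest wins, then name)."""
        hits = [c for c, a in self.content_addresses.items() if a <= attacked]
        if not hits:
            return None
        return sorted(hits, key=lambda c: (-len(self.content_addresses[c]), c))[0]

    def mitigate(self, attacked):
        attacked = frozenset(attacked)
        target = self.identify_target(attacked)
        if target is None:
            return None
        reassigned = {}
        # Resolution-based redirection: each non-targeted content set that shares
        # an attacked address is given a spare address in its place, so the
        # attacked addresses now carry only the targeted content.
        for content, addrs in self.content_addresses.items():
            if content == target:
                continue
            for addr in sorted(addrs & attacked):
                if not self.spare:
                    raise RuntimeError("no spare addresses left to disassociate %s" % content)
                new_addr = self.spare.pop(0)
                addrs.remove(addr)
                addrs.add(new_addr)
                self.first_pop.announced.add(new_addr)
                reassigned.setdefault(content, {})[addr] = new_addr
        # Routing-based redirection: the first POP withdraws the attacked
        # combination and the second POP announces it, absorbing the attack traffic.
        self.first_pop.announced -= attacked
        self.second_pop.announced |= attacked
        return MitigationPlan(target, reassigned, self.first_pop.name,
                              self.second_pop.name, attacked)


def run_example():
    """Constructed scenario: three content sets share five addresses at POP-A."""
    content_addresses = {
        "shop.example": {"203.0.113.1", "203.0.113.2", "203.0.113.3"},
        "blog.example": {"203.0.113.3", "203.0.113.4"},
        "docs.example": {"203.0.113.5"},
    }
    pop_a = Pop("POP-A", {"203.0.113.%d" % i for i in range(1, 6)})
    pop_b = Pop("POP-B", {"198.51.100.1"})
    service = AttackMitigationService(content_addresses, pop_a, pop_b,
                                      spare_addresses=["203.0.113.10", "203.0.113.11"])
    # Constructed packet counts for one window; baseline is 1000 packets per address.
    packets = {"203.0.113.1": 500_000, "203.0.113.2": 480_000, "203.0.113.3": 510_000,
               "203.0.113.4": 1_200, "203.0.113.5": 900}
    baseline = {addr: 1000 for addr in packets}
    attacked = detect_attack(packets, baseline)
    plan = service.mitigate(attacked)
    return service, plan


if __name__ == "__main__":
    svc, plan = run_example()
    print("target:", plan.target)
    print("reassigned:", plan.reassigned)
    print("POP-A now announces:", sorted(svc.first_pop.announced))
    print("POP-B now announces:", sorted(svc.second_pop.announced))
```

In the constructed run, addresses .1, .2 and .3 trip the threshold; `shop.example` is the only content set whose whole combination is inside that set, so it is the target, `blog.example` loses its shared .3 in favour of the spare .10, and the three attacked addresses move from POP-A to POP-B. The check a practitioner would add before relying on something like this is that the spare pool and the second POP have the capacity to absorb what is being moved, since the claims describe where traffic goes but not how that capacity is provisioned.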
23 Claims
10. A computer-implemented method comprising:
- detecting a network attack on a first set of computing devices of a content delivery system, wherein the network attack is directed to a combination of network addresses utilized by the first set of computing devices, and wherein the first set of computing devices provide access to a plurality of sets of content;
- identifying a first set of content, from the plurality of sets of content, as a target of the network attack based at least partly on the combination of network addresses to which the attack is directed;
- identifying a second set of content, from the plurality of sets of content, as not targeted by the network attack based at least partly on the combination of network addresses to which the attack is directed, wherein the second set of content is made available at at least one network address of the combination of network addresses; and
- mitigating the network attack based at least in part on disassociating the second set of content from the at least one network address and transmitting instructions to one or more routing devices, in communication with the content delivery system, to redirect traffic addressed to the combination of network addresses from the first set of computing devices to a second set of computing devices on the content delivery system.

Dependent claims: 11, 12, 13, 14, 15.
16. Non-transitory computer-readable media comprising computer-executable instructions that, when executed by a computing system, cause the computing system to:
- detect a network attack on a content delivery system, wherein the network attack is directed to a combination of addressing information sets utilized by one or more computing devices of the content delivery system, and wherein the one or more computing devices provide access to a plurality of sets of content;
- identify a first set of content, from the plurality of sets of content, as a target of the network attack based at least partly on the combination of addressing information sets to which the attack is directed;
- identify a second set of content, from the plurality of sets of content, as not targeted by the network attack based at least partly on the combination of addressing information sets to which the attack is directed, wherein the second set of content is made available at at least one addressing information set of the combination of addressing information sets; and
- mitigate the network attack based at least in part on disassociating the second set of content from the at least one addressing information set and modifying a routing of the combination of addressing information sets within the content delivery system.

Dependent claims: 17, 18, 19, 20, 21, 22, 23.