Systems and methods for suppressing denial of service attacks
US10277626B2 · kind B2 · utility
Inventor
Key dates
| Filing date | Nov 9, 2017 |
| Grant date | Apr 30, 2019 |
| Priority date | — |
| Expiry date | Nov 9, 2037 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1425
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Techniques for network traffic filtering and flow control are disclosed. Some implementations provide a network communication evaluation module (“NCEM”) that executes on a networking device, such as a gateway or router, and performs network traffic control, such as suppressing denial of service attacks or otherwise limiting packet flow. The NCEM performs packet filtering in order to identify and drop packets that are being (or are likely to be) transmitted as part of a denial of service attack. The NCEM conditionally drops packets that meet specified conditions or rules. For example, the NCEM may drop all packets that are using a nonauthentic source address. As another example, the NCEM may limit the volume of packets of a particular type, such as by limiting the number of DNS requests that are made during a specified time interval.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.