Infrastructure distributed denial of service (DDoS) protection

Assignee

• Imperva, Inc. · US

Inventors

• Dvir Shapira · Sunnyvale, US
• Ehud Cohen · Kiryat Motzkin, IL
• Tomer Bronshtein · Ashdod, IL
• Eyal Leshem · Jerusalem, IL
• Alon Ludmer · Kfar Sava, IL

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1441
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method of providing infrastructure protection for a network that includes IP addresses as low as a single IP address. An end user sends traffic to an IP address of a projected server publicly available as an anycast address, and sends traffic to the protected network. The traffic is routed via one of several scrubbing centers using the public IP address as anycast address, and the scrubbing center provides infrastructure protection by scanning and filtering the incoming traffic for illegitimate data. After filtering, the legitimate traffic is encapsulated, e.g., via including virtual GRE tunnel information that includes a secret IP address known only to the scrubbing center and the protected server that receives the network traffic. The protected server decapsulates the network packet and responds back to the end user via the scrubbing network.