Infrastructure distributed denial of service protection

Assignee

• Imperva, Inc. · US

Inventors

• Dvir Shapira · Sunnyvale, US
• Ehud Cohen · Kiryat Motzkin, IL
• Tomer Bronshtein · Ashdod, IL
• Eyal Leshem · Jerusalem, IL
• Alon Ludmer · Kfar Sava, IL

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1441
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method of providing infrastructure protection for a server of a network organization, the method including announcing an internet protocol (IP) address range associated with the network organization using a border gateway protocol (BGP) on an edge server of a distributed network of edge servers. The method further including receiving an incoming network packet intended for the server of the network organization identified using a public IP address within the IP address range, the public IP address serving as a first anycast address for a distributed network of edge servers. The method further including determining, by the distributed network, whether the incoming network packet is legitimate. The method further including responsive to determining that the incoming network packet is legitimate, routing, by a processor using generic routing encapsulation (GRE), the incoming network packet to the server at a private IP address.