Network traffic regulation including consistency based detection and filtering of packets with spoof source addresses

Assignee

• ARBOR NETWORKS, INC. · US

Inventors

• David Wetherall · Burlingame, US
• Stefan Savage · Carlsbad, US
• Thomas E. Anderson · Normal, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1466
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A director is provided to receive source address instances of packets routed through routing devices of a network. The director determines whether any of the reported source address instances are to be deemed as spoof source address instances. The director further determines where filtering actions are to be deployed to filter out packets having certain source addresses deemed to be spoof instances. The director makes its determinations based at least in part on a selected one of a number of consistency measures. The consistency measures may include but are not limited to spatial consistency, destination consistency, migration consistency, and temporary consistency. The consistency measures are evaluated using spatial, destination source address range, migration and timing S/D/M/T distribution profiles of the reported source addresses. In some embodiments, the determinations are based further in view of reference S/D/M/T distribution profiles, which may be an exemplary S/D/M/T distribution profile of a typical non-spoof source address or a historical S/D/M/T distribution profile of the source address.