System and methods for preventing denial of service attacks
US7587760B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Jul 26, 2004 |
| Grant date | Sep 8, 2009 |
| Priority date | — |
| Expiry date | Sep 2, 2026 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2463/144
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Conventional countermeasures to Distributed Denial of Service (DDoS) attacks typically focus on practices and rules for organizing a robust, DDoS-resilient network which anticipates proactive cooperation of users. Such measures involve widespread implementation cooperation and may be difficult or problematic to enforce in a large organization. Configurations of the invention employ the attacker's technique preventatively against the attack to identify sources likely to be employed for DDoS attacks. Crawlers scan web sites for identifying pages likely to be exploited as launch pads by DDoS attackers. A scanner device dispatches robots for sending probe messages from the launch pads which emulate an actual attack. Each of the probe messages are sent to a known, predetermined destination for determining identifying characteristics of such a message. The identifying characteristics define a signature of messages emanating from the launch pad. Such probe messages are tagged with an identifying field or label, such as a predetermined address. The signatures are then employed for comparison with other incoming message traffic.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.