Method and apparatus for defending against denial of service attacks in IP networks based on specified source/destination IP address pairs
US7889735B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Aug 5, 2005 |
| Grant date | Feb 15, 2011 |
| Priority date | — |
| Expiry date | Aug 7, 2029 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L2463/146
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A method and apparatus for defending against a Denial of Service attack wherein a target victim of an attack has recognized the existence of an attack and identified its source. The carrier network which provides service to the victim automatically receives one or more IP (Internet Protocol) source/destination IP address pairs from the victim, and then limits (e.g., blocks) the transmission of packets from the identified source address to the identified destination address. The carrier may implement this filtering capability as a stand-alone box included in the network, or as a line card incorporated into otherwise conventional network elements already present in the network. The source/destination address pairs to be blocked may be advantageously communicated from the victim with use of security signatures and with use of redundant connections from the victim to the carrier network to ensure receipt even under congested network conditions.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.