ACTIVE VALIDATION FOR DDOS AND SSL DDOS ATTACKS

摘要

Methods and systems for detecting and responding to Denial of Service (“DoS”) attacks comprise: detecting a DoS attack or potential DoS attack against a first server system comprising one or more servers; receiving, at a second server system comprising one or more servers, network traffic directed to the first server system; subjecting requesting clients to one or more challenge mechanisms, the challenge mechanisms including one or more of challenging requesting clients to follow through HTTP redirect responses, challenging requesting clients to request Secure Sockets Layer (SSL) session resumption, or challenging requesting clients to store and transmit HTTP cookies; identifying one or more non-suspect clients, the one or more suspect clients corresponding to requesting clients that successfully complete the one or more challenge mechanisms; identifying one or more suspect clients, the one or more suspect clients corresponding to requesting clients that do not successfully complete the one or more challenge mechanisms; and forwarding, by the second server system, traffic corresponding to the one or more non-suspect clients to the first server system. Once a client has been validated, clients may communicate directly with application servers in a secure manner by transparently passing through one or more intermediary proxy servers.

主权项

1. A computer-implemented method of mitigating against a denial of service (DoS) attack, comprising:
detecting a DoS attack or potential DoS attack against a first server system comprising one or more servers; receiving, at a second server system comprising one or more servers, network traffic directed to the first server system; subjecting requesting clients to at least one challenge mechanism, the at least one challenge mechanism comprising challenging requesting clients to request Secure Sockets Layer (SSL) session resumption; identifying one or more non-suspect clients, the one or more suspect clients corresponding to requesting clients that successfully complete the at least one challenge mechanism; identifying one or more suspect clients, the one or more suspect clients corresponding to requesting clients that do not successfully complete the at least one challenge mechanism; and forwarding, by the second server system, traffic corresponding to the one or more non-suspect clients to the first server system.