Title: Thwarting drone-waged denial of service attacks on a network
Abstract: Embodiments are directed towards detecting and thwarting incoming network attack requests by throttling them and/or redirecting them towards a honeypot. As network requests are received, TCP segments are examined to identify the presence of attack signatures before an ACK is returned. Such attack signatures may be identified based on an absence of referrer headers, an invalid cookie, known improper sender addresses, known valid sender addresses, examination of OSI layer 4 and/or above content of a packet, or the like. If an attack is identified, throttling may be employed by responding to the attack requests by dropping and/or rejecting packets within the request, acknowledging the client device's packets at a byte level, modifying the sender's round trip time (RTT) calculation by responding at a defined slowed rate, and/or redirecting client requests to a honeypot.
Publication number: US9578055(B1)  Publication date: 2017.02.21
Application number: US200912357372  Filing date: 2009.01.21
Applicant: F5 Networks, Inc.  Inventor: Khanal Bhushan P.
Classification: H04L29/06  Main classification: H04L29/06
Agent: Lowe Graham Jones PLLC  Attorney: Branch John W.; Lowe Graham Jones PLLC
Independent claim: 1. A network device for managing a resource request over a network, comprising: a memory arranged to store data and instructions; an input interface for receiving requests and sending responses; and a processor arranged to enable actions embodied by at least a portion of the stored instructions, the actions comprising: receiving a request from a requesting device over the network for access to a resource; selectively examining the request to determine whether it is associated with a network attack; and when the request is associated with a network attack, then performing at least one action that is directed towards thwarting the attack by at least: providing a redirection response to the request to redirect the requesting device to a honeypot device that is configured to absorb attacks; and performing actions directed towards throttling communications with the client device, including: selectively inducing the requesting device associated with the request to throttle its communications with the network device by selectively sending delayed acknowledgements to requests from the requesting device; dropping or rejecting packets within the request to force the client device to resend the dropped or rejected packets; and acknowledging the client device's packets one byte at a time.
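The signature checks named in the abstract (absent Referer header, invalid cookie, known bad or known good sender addresses, malformed layer-7 content) and the two response paths of claim 1 (throttle via delayed, one-byte acknowledgements, or redirect to a honeypot) worked through as an added Python example. This is not code from the patent or from F5; the cookie format, the HMAC key, the addresses, the honeypot URL and the sample requests are all constructed for the example, and the "two or more signatures means honeypot, one means throttle" policy is an assumption chosen to illustrate how the two actions in the claim could be selected.

```python
import hmac
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed configuration for the example; a real device would load these from policy.
COOKIE_KEY = b"constructed-example-key"
HONEYPOT_URL = "http://honeypot.example.invalid/"
KNOWN_BAD_SENDERS = {"198.51.100.7"}        # "known improper sender addresses"
KNOWN_GOOD_SENDERS = {"192.0.2.10"}         # "known valid sender addresses"
ENTRY_PATHS = {"/", "/index.html"}          # first hits legitimately carry no Referer


def make_cookie(session_id: str) -> str:
    """Issue a cookie carrying an HMAC tag so the device can verify it statelessly."""
    tag = hmac.new(COOKIE_KEY, session_id.encode(), hashlib.sha256).hexdigest()[:16]
    return f"sid={session_id}.{tag}"


def cookie_is_valid(cookie_header: Optional[str]) -> bool:
    """A cookie is valid only if its tag matches; a forged or missing cookie is a signature."""
    if not cookie_header or not cookie_header.startswith("sid=") or "." not in cookie_header:
        return False
    session_id, tag = cookie_header[4:].rsplit(".", 1)
    expected = hmac.new(COOKIE_KEY, session_id.encode(), hashlib.sha256).hexdigest()[:16]
    return hmac.compare_digest(tag, expected)


def parse_request(raw: bytes) -> Dict[str, str]:
    """Minimal HTTP/1.1 request-head parser: method, path and lower-cased headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    req = {"method": parts[0], "path": parts[1]}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            req[name.strip().lower()] = value.strip()
    return req


@dataclass
class Verdict:
    attack: bool
    reasons: List[str] = field(default_factory=list)
    action: str = "forward"          # forward | throttle | honeypot
    response: Optional[bytes] = None # redirect response when action == "honeypot"
    ack_delay_ms: int = 0            # delayed ACKs inflate the sender's RTT estimate
    ack_bytes: int = 0               # 0 = normal ACKs, 1 = acknowledge one byte at a time


def examine(raw: bytes, sender: str) -> Verdict:
    """Examine one request before it is acknowledged and decide how to respond."""
    if sender in KNOWN_GOOD_SENDERS:
        return Verdict(attack=False)
    reasons: List[str] = []
    if sender in KNOWN_BAD_SENDERS:
        reasons.append("known_bad_sender")
    try:
        req = parse_request(raw)
    except ValueError:
        reasons.append("malformed_request")      # layer-7 content check
    else:
        if "host" not in req:
            reasons.append("missing_host")
        if "referer" not in req and req["path"] not in ENTRY_PATHS:
            reasons.append("no_referer")
        if not cookie_is_valid(req.get("cookie")):
            reasons.append("invalid_cookie")
    if not reasons:
        return Verdict(attack=False)
    # Assumed policy: strong evidence sends the client to the honeypot, weaker evidence throttles.
    if "known_bad_sender" in reasons or len(reasons) >= 2:
        redirect = (f"HTTP/1.1 302 Found\r\nLocation: {HONEYPOT_URL}\r\n"
                    "Content-Length: 0\r\nConnection: close\r\n\r\n").encode()
        return Verdict(True, reasons, "honeypot", redirect)
    return Verdict(True, reasons, "throttle", None, ack_delay_ms=500, ack_bytes=1)


if __name__ == "__main__":
    # Constructed sample: a request with no Referer on a non-entry path from an unknown sender.
    sample = (b"GET /account HTTP/1.1\r\nHost: www.example.invalid\r\nCookie: "
              + make_cookie("s1").encode() + b"\r\n\r\n")
    print(examine(sample, "203.0.113.5"))
```

The decision is taken before any ACK is sent, which is where the claim places it: a throttle verdict carries the delayed-ACK and one-byte-ACK parameters for the transport layer to apply, while a honeypot verdict carries the ready-made 302 response. A known good sender short-circuits all checks, matching the abstract's use of valid sender addresses as a signature in their own right.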
Address: Seattle WA US