SYSTEM AND METHODS FOR PROTECTING NETWORK SITES FROM DENIAL OF SERVICE ATTACKS

摘要

A system and method for routing a packet within a computer network between a source and target for a source having a permission to transmit packets to the target, which includes a plurality of first nodes associated with the target. A plurality of routers are provided which are configured to route packets to the target only from one of the plurality of first nodes. A plurality of second nodes are configured to store routing information for routing packets from the respective second node to the one of the first nodes for those packets having a representation of the target's network address. A plurality of third nodes are configured to accept a packet, to determine whether the source has permission to transmit the packet to the target, and if such permission is determined to exist, to route the packet to one of the plurality of second nodes by applying a hash function to the target's network address associated with the packet. The system prevents Denial of Service attacks by routing via consistent hashing and filtering.