A system architecture (10) for thwarting denial of service attacks on a victim data center is described. The system (10) includes a first plurality of monitors (28) that monitor network traffic flow through the network (14). The first plurality of monitors (28) is disposed at a second plurality of points in the network (14). The system (10) includes a central controller (24) that receives data from the plurality of monitors (18), over a hardened, redundant network (30). The central controller (24) analyzes network statistics to identify malicious network traffic. In some embodiments of the system, a gateway device (26) is disposed to pass network packets between the network (14) and the victim site (12). The gateway (26) is disposed to protect the victim site (12), and is coupled to the control center (24) by the redundant hardened network (30).
申请公布号
WO0221297(A1)
申请公布日期
2002.03.14
申请号
WO2001US27395
申请日期
2001.09.04
申请人
MAZU NETWORKS, INC.;KAASHOEK, MARINUS, FRANS;KOHLER, EDWARD, W., JR.;POLETTO, MASSIMILIANO, ANTONIO
发明人
KAASHOEK, MARINUS, FRANS;KOHLER, EDWARD, W., JR.;POLETTO, MASSIMILIANO, ANTONIO