公开(公告)号：US09794281B1

公开(公告)日：2017-10-17

申请号：US14864684

申请日：2015-09-24

Applicant: Amazon Technologies, Inc.

Inventor： Anton Stephen Radlein ,  Harvo Reyzell Jones ,  Nathan Alan Dye ,  Craig Wesley Howard

IPC: H04L29/06

CPC classification number: H04L63/1458 ,  H04L61/1511 ,  H04L63/1416

Abstract: Systems and methods are described to enable identification of computing devices associated with network attacks, such as denial of service attacks. Data packets used to execute a network attack often include forged source address information, such that the address of an attacker is difficult or impossible to determine based on those data packets. However, attackers generally provide legitimate address information when resolving an identifier, such as a universal resource identifier (URI), of an attack target into corresponding destination addresses. The application enables individual client computing devices to be provided with different combinations of destination addresses, such that when an attack is detected on a given combination of destination address, the client computing device to which that combination of destination addresses was provided can be identified as a source of the attack.

公开(公告)号：US09742795B1

公开(公告)日：2017-08-22

申请号：US14864683

申请日：2015-09-24

Applicant: Amazon Technologies, Inc.

Inventor： Anton Stephen Radlein ,  Nathan Alan Dye ,  Craig Wesley Howard ,  Harvo Reyzell Jones

IPC: H04L29/06

CPC classification number: H04L63/1441 ,  H04L63/0218 ,  H04L63/1416 ,  H04L63/1458

Abstract: Systems and methods are described that enable the mitigation of network attacks directed to specific sets of content on a content delivery system. A set of content targeted in the attack may be identified based at least in part on a combination of network addresses to which attacked-related packets are transmitted. Thereafter, the content delivery system may mitigate the attack based on the identified target. For example, where both targeted and non-targeted sets of content are associated with the attacked network addresses, traffic directed to these sets of content may be separated, e.g., in order to reduce the impact of the attack on the non-targeted sets of content or increase the computing resources available to the targeted content. Redirection of traffic may occur using either or both of resolution-based redirection or routing-based redirection.