Encrypted network addresses
    32.
    发明授权

    公开(公告)号:US10469513B2

    公开(公告)日:2019-11-05

    申请号:US15389314

    申请日:2016-12-22

    Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

    ROUTING MODE AND POINT-OF-PRESENCE SELECTION SERVICE

    公开(公告)号:US20190044846A1

    公开(公告)日:2019-02-07

    申请号:US16154580

    申请日:2018-10-08

    Abstract: Systems and methods for sloppy routing are provided. A client transmits a DNS query corresponding to a requested resource to a content delivery network (CDN) service provider. In some embodiments, the CDN service provider processes the DNS query to determine whether a threshold content delivery bandwidth has been exceeded by data links at cache servers. In other embodiments, additionally or alternatively, the CDN service provider determines whether a content provider has exceeded a threshold network usage that indicates a price at which the CDN service provider to provide content on behalf of the content provider. Using both or either of these thresholds, the CDN service provider can further process the DNS query by providing an alternative resource identifier or a cache IP address, both associated with an alternative POP. In some embodiments, the CDN service provider determines a routing mode for the response to the DNS query.

    ADAPTIVE TRANSFER RATE FOR RETRIEVING CONTENT FROM A SERVER

    公开(公告)号:US20190028562A1

    公开(公告)日:2019-01-24

    申请号:US16143892

    申请日:2018-09-27

    Abstract: An edge system receives requests from user devices to retrieves files from an origin server. Instead of retrieving the files as fast as possible, the edge system throttles the retrieval of files to a rate that just exceeds the speed at which the file is played by a browser or media player. The edge system determines an appropriate retrieval rate based on the contents of the file itself. For example, a manifest file associated with the file can indicate a time it takes to play back content and a bitrate of the content. Thus, the edge server can use this information to retrieve a file from an origin server at a rate that is just fast enough to minimize playback interruption. The retrieval rate determined by the edge server therefore does not rely on how fast or slow the user device retrieves the file from the edge server.

    Identifying targets of network attacks

    公开(公告)号:US10097566B1

    公开(公告)日:2018-10-09

    申请号:US14815863

    申请日:2015-07-31

    Abstract: Systems and methods are described to enable identification of computing resources targeted in a network attack. Network attacks, such as denial of service attacks, are frequently directed to network addresses that host multiple sets of content, each representing a distinct potential target of the network attack. Aspects of this disclosure enable each set of content to be assigned a unique or semi-unique combination of network addresses at which the set of content is accessible. During a network attack, a hosting system can compare the network addresses under attack to those assigned to each set of content to determine which sets of content are potentially targeted by the attack. Where the combination of network addresses is associated with only a single set of content, that set of content can be identified as the target of the network attack.

    Routing mode and point-of-presence selection service

    公开(公告)号:US10033627B1

    公开(公告)日:2018-07-24

    申请号:US14575798

    申请日:2014-12-18

    CPC classification number: H04L45/22 H04L43/0876 H04L43/0888 H04L43/16

    Abstract: Systems and methods for sloppy routing are provided. A client transmits a DNS query corresponding to a requested resource to a content delivery network (CDN) service provider. In some embodiments, the CDN service provider processes the DNS query to determine whether a threshold content delivery bandwidth has been exceeded by data links at cache servers. In other embodiments, additionally or alternatively, the CDN service provider determines whether a content provider has exceeded a threshold network usage that indicates a price at which the CDN service provider to provide content on behalf of the content provider. Using both or either of these thresholds, the CDN service provider can further process the DNS query by providing an alternative resource identifier or a cache IP address, both associated with an alternative POP. In some embodiments, the CDN service provider determines a routing mode for the response to the DNS query.

    MITIGATING NETWORK ATTACKS
    37.
    发明申请

    公开(公告)号:US20180109553A1

    公开(公告)日:2018-04-19

    申请号:US15714993

    申请日:2017-09-25

    CPC classification number: H04L63/1441 H04L61/1511 H04L63/1458

    Abstract: Systems and methods are described that enable the mitigation of network attacks directed to specific sets of content on a content delivery system. A set of content targeted in the attack may be identified based at least in part on a combination of network addresses to which attacked-related packets are transmitted. Thereafter, the content delivery system may mitigate the attack based on the identified target. For example, where both targeted and non-targeted sets of content are associated with the attacked network addresses, traffic directed to these sets of content may be separated, e.g., in order to reduce the impact of the attack on the non-targeted sets of content or increase the computing resources available to the targeted content. Redirection of traffic may occur using either or both of resolution-based redirection or routing-based redirection.

    Identifying sources of network attacks

    公开(公告)号:US09794281B1

    公开(公告)日:2017-10-17

    申请号:US14864684

    申请日:2015-09-24

    CPC classification number: H04L63/1458 H04L61/1511 H04L63/1416

    Abstract: Systems and methods are described to enable identification of computing devices associated with network attacks, such as denial of service attacks. Data packets used to execute a network attack often include forged source address information, such that the address of an attacker is difficult or impossible to determine based on those data packets. However, attackers generally provide legitimate address information when resolving an identifier, such as a universal resource identifier (URI), of an attack target into corresponding destination addresses. The application enables individual client computing devices to be provided with different combinations of destination addresses, such that when an attack is detected on a given combination of destination address, the client computing device to which that combination of destination addresses was provided can be identified as a source of the attack.

    Mitigating network attacks
    40.
    发明授权

    公开(公告)号:US09742795B1

    公开(公告)日:2017-08-22

    申请号:US14864683

    申请日:2015-09-24

    CPC classification number: H04L63/1441 H04L63/0218 H04L63/1416 H04L63/1458

    Abstract: Systems and methods are described that enable the mitigation of network attacks directed to specific sets of content on a content delivery system. A set of content targeted in the attack may be identified based at least in part on a combination of network addresses to which attacked-related packets are transmitted. Thereafter, the content delivery system may mitigate the attack based on the identified target. For example, where both targeted and non-targeted sets of content are associated with the attacked network addresses, traffic directed to these sets of content may be separated, e.g., in order to reduce the impact of the attack on the non-targeted sets of content or increase the computing resources available to the targeted content. Redirection of traffic may occur using either or both of resolution-based redirection or routing-based redirection.

Patent Agency Ranking