Varifocal threat analysis system and method

    Publication number: US12126640B2

    Publication date: 2024-10-22

    Application number: US17931655

    Application date: 2022-09-13

    CPC classification number: H04L63/1425

    Abstract: Example systems and methods permit threat intelligence to be determined and used at a local, regional, and/or global level in a communications network. A threat intelligence system may collect traffic information from local computing systems and analyze it for malicious traffic. If a measure of malicious traffic in a local computing system is reached, mitigation actions may be taken in that local computing system. In addition, threat measures may be amplified in other local computing systems, other regions, or globally in the network, in order to more quickly react to a known threat as it may spread in a network.

    Filtered advertisements of secondary servers

    Publication number: US11973654B2

    Publication date: 2024-04-30

    Application number: US17822231

    Application date: 2022-08-25

    CPC classification number: H04L41/12 H04L45/16 H04L45/74 H04L67/1021

    Abstract: In examples, a first Anycast advertisement is received from a first server identifying the first server as a primary address for a service. In addition, a second Anycast advertisement is received from the first server identifying the first server as a secondary address for the service. Further, a third Anycast advertisement is received from a second server identifying the second server as the secondary address for the service. A first community advertisement is also received from the first server identifying the first server as a member of a first community. Thereafter, a first request is received from a client including the primary address, and the request is routed to the first server. When a second request from the client is received including the secondary address, based at least on the community advertisement, the first server is ignored, and the second request is routed to the second server.

    SYSTEMS AND METHODS FOR MITIGATING DOMAIN NAME SYSTEM AMPLIFICATION ATTACKS

    Publication number: US20240048587A1

    Publication date: 2024-02-08

    Application number: US18360931

    Application date: 2023-07-28

    CPC classification number: H04L63/1458 H04L63/1416 H04L63/1425

    Abstract: Systems and methods for mitigating DNS amplification attacks are provided. In one example, a threat intelligence system collects data about the requests received by a DNS server, and/or responses generated by the DNS server. The threat intelligence system triggers a threat mitigation action upon detecting evidence (in one or more forms) of a DNS amplification attack. The threat mitigation action may include filtering DNS responses generated by the DNS server. The filtering rule may indicate that a DNS response in which the payload size is above a threshold payload size is to be dropped. In examples, the payload threshold size is dynamically set by the threat intelligence system using a machine learning model to minimize the filtering of DNS responses for valid DNS queries, while maximizing filtering of DNS responses for malicious DNS queries.

    INTERNET ADDRESS MANAGEMENT SYSTEMS AND METHODS

    Publication number: US20240031329A1

    Publication date: 2024-01-25

    Application number: US18338100

    Application date: 2023-06-20

    CPC classification number: H04L61/5014

    Abstract: Systems and methods for simplifying the assignment and management of IP addresses are provided. In examples, a DHCP relay agent system receives an IP address request or similar discover message from a client computing device and forwards the request to one or more DHCP servers. In addition to forwarding the request, the DHCP relay agent system may be configured to append and forward information related to the DHCP negotiation process to a DHCP server. For example, the indication of operations may include executable instructions, such as opcodes, that facilitate the offer of an IP address lease. Parameters necessary for executing the operations, such as operands, may also be appended. In examples, the DHCP server may effectively operate as a processor, virtual processor, or virtual machine in the lease negotiation process, where IP address assignment or management decisions are pre-defined by the configuration information of the DHCP relay agent system.

    SYSTEMS AND METHODS FOR MITIGATING DENIAL OF SERVICE ATTACKS

    Publication number: US20230362192A1

    Publication date: 2023-11-09

    Application number: US18306795

    Application date: 2023-04-25

    Abstract: Examples of the present disclosure are directed to systems and methods for using router identifier information to mitigate denial of service attacks in an autonomous system (AS). Each router of the AS may be assigned a router identifier (ID) that is unique to the AS and may be periodically changed. The ingress router first receiving the packet within a particular AS may insert its router ID into the packet. A threat intelligence system may sample packets of traffic received by the AS and examine the inserted ingress router IDs in making a threat determination. If a distribution of detected ingress router IDs from sampled packets does not match an expected distribution of ingress router IDs, one or more threat mitigation actions may be invoked.

    SYSTEM AND METHOD FOR NETWORK-CONNECTED DEVICE SECURITY

    Publication number: US20230300111A1

    Publication date: 2023-09-21

    Application number: US18157368

    Application date: 2023-01-20

    CPC classification number: H04L63/0236 H04L61/4511 H04L63/102

    Abstract: Internet-connected devices are commonly used in various applications including home automation and industrial telemetry and control. Such devices may have relatively constrained needs for the various types of communications that are possible within the local network and with other devices on the internet, but the networks to which they are connected may nonetheless grant such devices unrestricted access. This may result in vulnerabilities that may be exploited by a malicious actor. As such, a system and method for providing security to internet-connected devices are provided.

    VARIFOCAL THREAT ANALYSIS SYSTEM AND METHOD
    Invention publication

    Publication number: US20230188551A1

    Publication date: 2023-06-15

    Application number: US17931655

    Application date: 2022-09-13

    CPC classification number: H04L63/1425

    Abstract: Example systems and methods permit threat intelligence to be determined and used at a local, regional, and/or global level in a communications network. A threat intelligence system may collect traffic information from local computing systems and analyze it for malicious traffic. If a measure of malicious traffic in a local computing system is reached, mitigation actions may be taken in that local computing system. In addition, threat measures may be amplified in other local computing systems, other regions, or globally in the network, in order to more quickly react to a known threat as it may spread in a network.
