公开(公告)号：US11595433B2

公开(公告)日：2023-02-28

申请号：US17239745

申请日：2021-04-26

Applicant: Level 3 Communications, LLC

Inventor： Robert Smith ,  Shawn Marek ,  Christopher Newton

IPC: H04L9/40

Abstract: Embodiments provide system and methods for a DDoS service using a mix of mitigation systems (also called scrubbing centers) and non-mitigation systems. The non-mitigation systems are less expensive and thus can be placed at or near a customer's network resource (e.g., a computer, cluster of computers, or entire network). Under normal conditions, traffic for a customer's resource can go through a mitigation system or a non-mitigation system. When an attack is detected, traffic that would have otherwise gone through a non-mitigation system is re-routed to a mitigation system. Thus, the non-mitigation systems can be used to reduce latency and provide more efficient access to the customer's network resource during normal conditions. Since the non-mitigation servers are not equipped to respond to an attack, the non-mitigation systems are not used during an attack, thereby still providing protection to the customer network resource using the mitigation systems.

公开(公告)号：US10516697B2

公开(公告)日：2019-12-24

申请号：US16259173

申请日：2019-01-28

Applicant: Level 3 Communications, LLC

Inventor： Robert Smith ,  Shawn Marck

IPC: H04L29/06

Abstract: Embodiments are provided for an actionable blacklist of DDoS offenders and ISPs associated offenders. The system can collect real-time attack data and perform real-time analysis, which can be fed into a centralized database for intelligent analysis to identify offenders and report to interested subscribers. The system can receive an indication that network resources are being targeted as part of one or more DDoS attacks, and then obtain the malicious IP address of devices associated with those DDoS attacks. The system can determine the Internet Service Provider (ISP) associated with malicious IP addresses. A metric can be computed that is associated with an ISP involved in the one or more DDoS attacks. If the metric exceeds a threshold, then an alert message indicating that the first ISP is involved in the one or more DDoS attacks can be sent to a list of subscribers.

公开(公告)号：US10333969B2

公开(公告)日：2019-06-25

申请号：US16155587

申请日：2018-10-09

Applicant: Level 3 Communications, LLC

Inventor： Robert Smith ,  Shawn Marck ,  Christopher Newton

IPC: H04L29/06

Abstract: Embodiments provide system and methods for a DDoS service using a mix of mitigation systems (also called scrubbing centers) and non-mitigation systems. The non-mitigation systems are less expensive and thus can be placed at or near a customer's network resource (e.g., a computer, cluster of computers, or entire network). Under normal conditions, traffic for a customer's resource can go through a mitigation system or a non-mitigation system. When an attack is detected, traffic that would have otherwise gone through a non-mitigation system is re-routed to a mitigation system. Thus, the non-mitigation systems can be used to reduce latency and provide more efficient access to the customer's network resource during normal conditions. Since the non-mitigation servers are not equipped to respond to an attack, the non-mitigation systems are not used during an attack, thereby still providing protection to the customer network resource using the mitigation systems.

公开(公告)号：US10135865B2

公开(公告)日：2018-11-20

申请号：US15899106

申请日：2018-02-19

Applicant: LEVEL 3 COMMUNICATIONS, LLC

Inventor： Robert Smith ,  Shawn Marck

IPC: H04L29/06

Abstract: Embodiments can identify requests that may be tied to a DDOS attack. For example, the primary identifiers (e.g., a source address) of requests for a network resource (e.g., an entire website or a particular element of the website) can be tracked. In one embodiment, a statistical analysis of how often a particular source address (or other primary identifier) normally makes a request can be used to identify source addresses that make substantially more requests. A normal amount can correspond to an average number of request that a source address makes. According to some embodiments, a system can use statistical analysis methods on various request data in web server logs to identify potential attacks and send data concerned potential attacks to an HBA system for further analysis.

公开(公告)号：US20240163310A1

公开(公告)日：2024-05-16

申请号：US18392537

申请日：2023-12-21

Applicant: Level 3 Communications, LLC

Inventor： Robert Smith ,  Shawn Marck

IPC: H04L9/40 ,  H04L41/08 ,  H04L41/0813 ,  H04L41/0816 ,  H04L41/0823 ,  H04L41/0866 ,  H04L45/02 ,  H04L45/021 ,  H04L45/42 ,  H04L45/745 ,  H04L47/80

CPC classification number: H04L63/1458 ,  H04L41/0813 ,  H04L41/0816 ,  H04L41/0823 ,  H04L41/0866 ,  H04L41/0889 ,  H04L45/02 ,  H04L45/021 ,  H04L45/04 ,  H04L45/42 ,  H04L45/745 ,  H04L47/80 ,  H04L63/20 ,  H04L41/22

Abstract: Embodiments are provided for managing routes of data traffic within a network. The management may be performed via a graphical user interface that interacts with a Web server to update a configuration file. The configuration file can be converted to router management commands by a network management device (e.g., a BGP speaker). The commands can then be sent to border routers for controlling network traffic. Embodiments are also provided for capturing and logging routing updates made in a network.

公开(公告)号：US11757932B2

公开(公告)日：2023-09-12

申请号：US17968839

申请日：2022-10-19

Applicant: Level 3 Communications, LLC

Inventor： Robert Smith ,  Shawn Marck ,  Christopher Newton

IPC: H04L9/40

CPC classification number: H04L63/1458 ,  H04L63/20

Abstract: Embodiments provide system and methods for a DDoS service using a mix of mitigation systems (also called scrubbing centers) and non-mitigation systems. The non-mitigation systems are less expensive and thus can be placed at or near a customer's network resource (e.g., a computer, cluster of computers, or entire network). Under normal conditions, traffic for a customer's resource can go through a mitigation system or a non-mitigation system. When an attack is detected, traffic that would have otherwise gone through a non-mitigation system is re-routed to a mitigation system. Thus, the non-mitigation systems can be used to reduce latency and provide more efficient access to the customer's network resource during normal conditions. Since the non-mitigation servers are not equipped to respond to an attack, the non-mitigation systems are not used during an attack, thereby still providing protection to the customer network resource using the mitigation systems.

公开(公告)号：US20230041892A1

公开(公告)日：2023-02-09

申请号：US17968839

申请日：2022-10-19

Applicant: Level 3 Communications, LLC

Inventor： Robert Smith ,  Shawn Marck ,  Christopher Newton

IPC: H04L9/40

Abstract: Embodiments provide system and methods for a DDoS service using a mix of mitigation systems (also called scrubbing centers) and non-mitigation systems. The non-mitigation systems are less expensive and thus can be placed at or near a customer's network resource (e.g., a computer, cluster of computers, or entire network). Under normal conditions, traffic for a customer's resource can go through a mitigation system or a non-mitigation system. When an attack is detected, traffic that would have otherwise gone through a non-mitigation system is re-routed to a mitigation system. Thus, the non-mitigation systems can be used to reduce latency and provide more efficient access to the customer's network resource during normal conditions. Since the non-mitigation servers are not equipped to respond to an attack, the non-mitigation systems are not used during an attack, thereby still providing protection to the customer network resource using the mitigation systems.

公开(公告)号：US10944784B2

公开(公告)日：2021-03-09

申请号：US16704626

申请日：2019-12-05

Applicant: Level 3 Communications, LLC

Inventor： Robert Smith ,  Shawn Marck

IPC: H04L29/06

Abstract: Embodiments can identify requests that may be tied to a DDOS attack. For example, the primary identifiers (e.g., a source address) of requests for a network resource (e.g., an entire website or a particular element of the website) can be tracked. In one embodiment, a statistical analysis of how often a particular source address (or other primary identifier) normally makes a request can be used to identify source addresses that make substantially more requests. A normal amount can correspond to an average number of request that a source address makes. According to some embodiments, a system can use statistical analysis methods on various request data in web server logs to identify potential attacks and send data concerned potential attacks to an HBA system for further analysis.

公开(公告)号：US20200228549A1

公开(公告)日：2020-07-16

申请号：US16831398

申请日：2020-03-26

Applicant: Level 3 Communications, LLC

Inventor： Robert Smith ,  Shawn Marck

IPC: H04L29/06 ,  H04W80/06 ,  H04L12/64 ,  H04L12/00

Abstract: A system can monitor the server for indications of an attack and adjusts server settings accordingly. In response, the system can increase server tolerance in a systematic way to deal with DDoS by adjusting server settings appropriately. Conversely, when the server is not under attack, the settings can be adjusted to those for standard operations (e.g., adjusted downward), as they are more optimal for normal, non-attack operations.

公开(公告)号：US20190190932A1

公开(公告)日：2019-06-20

申请号：US16284805

申请日：2019-02-25

Applicant: Level 3 Communications, LLC

Inventor： Robert Smith ,  Shawn Marck

IPC: H04L29/06 ,  H04L12/64 ,  H04W80/06 ,  H04L12/00

CPC classification number: H04L63/1416 ,  H04L12/00 ,  H04L12/6418 ,  H04L63/1458 ,  H04W80/06

Abstract: A system can monitor the server for indications of an attack and adjusts server settings accordingly. In response, the system can increase server tolerance in a systematic way to deal with DDoS by adjusting server settings appropriately. Conversely, when the server is not under attack, the settings can be adjusted to those for standard operations (e.g., adjusted downward), as they are more optimal for normal, non-attack operations.