公开(公告)号：US20180124101A1

公开(公告)日：2018-05-03

申请号：US15852359

申请日：2017-12-22

Applicant: CenturyLink Intellectual Property LLC

Inventor： Donald J. Smith ,  John A. Schiel

IPC: H04L29/06

CPC classification number: H04L63/1441 ,  H04L63/0236 ,  H04L63/0272 ,  H04L63/1458

Abstract: A method for remote triggered black hole filtering can include advertising a first modified next hop address for a destination address of network traffic, and advertising a second modified next hop address for a source address of network traffic. The first next hop address of the destination address might be overwritten with the first modified next hop address. Filtered traffic then can be forwarded to the first modified next hop address, wherein filtered traffic comprises only network traffic addressed to the destination address or from the source address. In some cases, the filtered traffic is transported and received via a sinkhole tunnel. A second next hop address of the source address can be overwritten to a second modified next hop address. The attack traffic, which can be filtered traffic that is both addressed to the destination address and from the source address, might be forwarded to a discard interface.

公开(公告)号：US09888028B2

公开(公告)日：2018-02-06

申请号：US14267226

申请日：2014-05-01

Applicant: CenturyLink Intellectual Property LLC

Inventor： Donald J. Smith ,  John A. Schiel

IPC: G06F15/16 ,  H04L29/06

CPC classification number: H04L63/1441 ,  H04L63/0236 ,  H04L63/0272 ,  H04L63/1458

Abstract: A method for remote triggered black hole filtering can include advertising a first modified next hop address for a destination address of network traffic, and advertising a second modified next hop address for a source address of network traffic. The first next hop address of the destination address might be overwritten with the first modified next hop address. Filtered traffic then can be forwarded to the first modified next hop address, wherein filtered traffic comprises only network traffic addressed to the destination address or from the source address. In some cases, the filtered traffic is transported and received via a sinkhole tunnel. A second next hop address of the source address can be overwritten to a second modified next hop address. The attack traffic, which can be filtered traffic that is both addressed to the destination address and from the source address, might be forwarded to a discard interface.

公开(公告)号：US11095680B2

公开(公告)日：2021-08-17

申请号：US15135239

申请日：2016-04-21

Applicant: CenturyLink Intellectual Property LLC

Inventor： Donald J. Smith ,  Michael Glenn ,  John A. Schiel ,  Christopher L. Garner

IPC: H04L29/06 ,  H04L29/08 ,  H04L12/803 ,  H04L12/927

Abstract: Novel tools and techniques for filtering network traffic in an anycasting environment includes receiving network traffic addressed to a plurality of anycasted servers at an edge router, the plurality of anycasted servers comprising one or more anycasted servers. The network traffic is received from the edge server at least one data scrubbing appliance. The at least one data scrubbing appliance filters out undesirable traffic from the network traffic. The at least one data scrubbing appliance “on-ramps” the filtered network traffic to the plurality of anycasted servers. The filtered network traffic is transmitted to the plurality of anycasted servers in a load balanced manner.

公开(公告)号：US20140331308A1

公开(公告)日：2014-11-06

申请号：US14267226

申请日：2014-05-01

Applicant: CenturyLink Intellectual Property LLC

Inventor： Donald J. Smith ,  John A. Schiel

IPC: H04L29/06

CPC classification number: H04L63/1441 ,  H04L63/0236 ,  H04L63/0272 ,  H04L63/1458

Abstract: A method for remote triggered black hole filtering can include advertising a first modified next hop address for a destination address of network traffic, and advertising a second modified next hop address for a source address of network traffic. The first next hop address of the destination address might be overwritten with the first modified next hop address. Filtered traffic then can be forwarded to the first modified next hop address, wherein filtered traffic comprises only network traffic addressed to the destination address or from the source address. In some cases, the filtered traffic is transported and received via a sinkhole tunnel. A second next hop address of the source address can be overwritten to a second modified next hop address. The attack traffic, which can be filtered traffic that is both addressed to the destination address and from the source address, might be forwarded to a discard interface.

Abstract translation: 用于远程触发黑洞过滤的方法可以包括：为网络流量的目的地地址发布第一修改的下一跳地址，以及为网络业务的源地址通告第二修改的下一跳地址。 目标地址的第一个下一跳地址可能会被第一个修改的下一跳地址覆盖。 过滤的流量然后可以被转发到第一修改的下一跳地址，其中被过滤的流量仅包括寻址到目的地地址或源地址的网络流量。 在某些情况下，经过沉没隧道传输和接收过滤后的流量。 源地址的第二个下一跳地址可以被覆盖到第二个修改的下一跳地址。 可以将可以被过滤的流量的目标地址和来自源地址的攻击流量转发到丢弃接口。

公开(公告)号：US20220329625A1

公开(公告)日：2022-10-13

申请号：US17657381

申请日：2022-03-31

Applicant: CenturyLink Intellectual Property LLC

Inventor： Dean Ballew ,  John R.B. Woodworth ,  John A. Schiel

IPC: H04L9/40

Abstract: Examples of the present disclosure describe systems and methods for providing security against IP spoofing. In aspects, network traffic associated with one or more data requests may be received by a device in a computing environment. The network traffic may be evaluated using one or more automated logic systems or algorithms to identify suspicious or malicious behavior. The automated logic systems or algorithms may implement one or more analyses, such as asymmetric routing analysis, hardware device analysis, user and/or network behavior analysis, etc. Upon identifying suspicious or malicious behavior, the automated logic systems or algorithms may apply a filter to one or more computing devices. For example, a filter for blocking network traffic associated with the suspicious or malicious behavior may be applied to a computing device that is in close geographic and/or logical proximity to an attacking computing device.

公开(公告)号：US10091234B2

公开(公告)日：2018-10-02

申请号：US15852359

申请日：2017-12-22

Applicant: CenturyLink Intellectual Property LLC

Inventor： Donald J. Smith ,  John A. Schiel

IPC: G06F15/16 ,  H04L29/06

Abstract: A method for remote triggered black hole filtering can include advertising a first modified next hop address for a destination address of network traffic, and advertising a second modified next hop address for a source address of network traffic. The first next hop address of the destination address might be overwritten with the first modified next hop address. Filtered traffic then can be forwarded to the first modified next hop address, wherein filtered traffic comprises only network traffic addressed to the destination address or from the source address. In some cases, the filtered traffic is transported and received via a sinkhole tunnel. A second next hop address of the source address can be overwritten to a second modified next hop address. The attack traffic, which can be filtered traffic that is both addressed to the destination address and from the source address, might be forwarded to a discard interface.

公开(公告)号：US20160241590A1

公开(公告)日：2016-08-18

申请号：US15135239

申请日：2016-04-21

Applicant: CenturyLink Intellectual Property LLC

Inventor： Donald J. Smith ,  Michael Glenn ,  John A. Schiel ,  Christopher L. Garner

IPC: H04L29/06 ,  H04L12/803 ,  H04L12/927

CPC classification number: H04L63/1458 ,  H04L47/125 ,  H04L47/801 ,  H04L63/0227 ,  H04L63/0245 ,  H04L63/029 ,  H04L63/10 ,  H04L63/1441 ,  H04L67/1002

Abstract: Novel tools and techniques for filtering network traffic in an anycasting environment includes receiving network traffic addressed to a plurality of anycasted servers at an edge router, the plurality of anycasted servers comprising one or more anycasted servers. The network traffic is received from the edge server at least one data scrubbing appliance. The at least one data scrubbing appliance filters out undesirable traffic from the network traffic. The at least one data scrubbing appliance “on-ramps” the filtered network traffic to the plurality of anycasted servers. The filtered network traffic is transmitted to the plurality of anycasted servers in a load balanced manner.

Abstract translation: 用于在任播播放环境中过滤网络流量的新型工具和技术包括接收寻址到边缘路由器处的多个任播服务器的网络流量，所述多个任播服务器包括一个或多个任播服务器。 从边缘服务器接收至少一个数据擦除设备的网络流量。 至少一个数据擦除设备从网络流量中滤除不需要的流量。 所述至少一个数据擦除设备将已过滤的网络流量“上升”到多个任播服务器。 滤波后的网络业务以负载平衡的方式被发送到多个任播服务器。

公开(公告)号：US09350706B1

公开(公告)日：2016-05-24

申请号：US14209682

申请日：2014-03-13

Applicant: CenturyLink Intellectual Property LLC

Inventor： Donald J. Smith ,  Michael Glenn ,  John A. Schiel ,  Christopher L. Garner

IPC: G06F12/14 ,  G06F11/00 ,  G06F15/16 ,  H04L29/06

CPC classification number: H04L63/1458 ,  H04L47/125 ,  H04L47/801 ,  H04L63/0227 ,  H04L63/0245 ,  H04L63/029 ,  H04L63/10 ,  H04L63/1441 ,  H04L67/1002

Abstract: Novel tools and techniques for filtering network traffic in an anycasting environment includes receiving network traffic addressed to a plurality of anycasted servers at an edge router, the plurality of anycasted servers comprising one or more anycasted servers. The network traffic is received from the edge server at least one data scrubbing appliance. The at least one data scrubbing appliance filters out undesirable traffic from the network traffic. The at least one data scrubbing appliance “on-ramps” the filtered network traffic to the plurality of anycasted servers. The filtered network traffic is transmitted to the plurality of anycasted servers in a load balanced manner.

Abstract translation: 用于在任播播放环境中过滤网络流量的新型工具和技术包括接收寻址到边缘路由器处的多个任播服务器的网络流量，所述多个任播服务器包括一个或多个任播服务器。 从边缘服务器接收至少一个数据擦除设备的网络流量。 至少一个数据擦除设备从网络流量中滤除不需要的流量。 所述至少一个数据擦除设备将已过滤的网络流量“上升”到多个任播服务器。 滤波后的网络业务以负载平衡的方式被发送到多个任播服务器。