公开(公告)号：US20060291473A1

公开(公告)日：2006-12-28

申请号：US11237553

申请日：2005-09-28

申请人： Christopher Chase ,  Nicholas Duffield ,  Albert Greenberg ,  Oliver Spatscheck ,  Jacobus Van der Merwe

发明人： Christopher Chase ,  Nicholas Duffield ,  Albert Greenberg ,  Oliver Spatscheck ,  Jacobus Van der Merwe

IPC分类号： H04L12/28

CPC分类号： H04L43/08 ,  H04L41/06 ,  H04L41/0631 ,  H04L41/0681 ,  H04L43/0876 ,  H04L43/12 ,  H04L43/14 ,  H04L43/16 ,  H04L45/02 ,  H04L45/42 ,  H04L45/50

摘要： Certain exemplary embodiments comprise a method comprising: for selected traffic that enters a backbone network via a predetermined ingress point and is addressed to a predetermined destination, via a dynamic tunnel, automatically diverting the selected traffic from the predetermined ingress point to a processing complex; and automatically forwarding the selected traffic from the processing complex toward the predetermined destination.

摘要翻译： 某些示例性实施例包括一种方法，其包括：对于经由预定入口点进入骨干网络并且经由动态隧道寻址到预定目的地的所选业务，将所选择的业务量从所述预定入口点自动转移到处理复合体; 并且将所选择的流量自动地从处理复合体转发到预定目的地。

公开(公告)号：US08001601B2

公开(公告)日：2011-08-16

申请号：US11452623

申请日：2006-06-14

申请人： Nicholas Duffield ,  Jacobus Van Der Merwe ,  Vyas Sekar ,  Oliver Spatscheck

发明人： Nicholas Duffield ,  Jacobus Van Der Merwe ,  Vyas Sekar ,  Oliver Spatscheck

IPC分类号： G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00

CPC分类号： H04L63/1425 ,  H04L63/1458

摘要： A multi-staged framework for detecting and diagnosing Denial of Service attacks is disclosed in which a low-cost anomaly detection mechanism is first used to collect coarse data, such as may be obtained from Simple Network Management Protocol (SNMP) data flows. Such data is analyzed to detect volume anomalies that could possibly be indicative of a DDoS attack. If such an anomaly is suspected, incident reports are then generated and used to trigger the collection and analysis of fine grained data, such as that available in Netflow data flows. Both types of collection and analysis are illustratively conducted at edge routers within the service provider network that interface customers and customer networks to the service provider. Once records of the more detailed information have been retrieved, they are examined to determine whether the anomaly represents a distributed denial of service attack, at which point an alarm is generated.

摘要翻译： 公开了一种用于检测和诊断拒绝服务攻击的多阶段框架，其中首先使用低成本异常检测机制来收集粗略数据，例如可以从简单网络管理协议（SNMP）数据流中获得。 分析这些数据以检测可能表示DDoS攻击的体积异常。 如果怀疑出现这种异常，则会生成事件报告，并用于触发对Netflow数据流中可用的细粒度数据的收集和分析。 这两种类型的收集和分析在服务提供商网络中的边缘路由器上进行说明性地进行，其将客户和客户网络接入服务提供商。 一旦检索到更详细信息的记录，就检查它们以确定异常是否表示分布式拒绝服务攻击，此时产生警报。

公开(公告)号：US20070283436A1

公开(公告)日：2007-12-06

申请号：US11452623

申请日：2006-06-14

申请人： Nicholas Duffield ,  Jacobus Van Der Merwe ,  Vyas Sekar ,  Oliver Spatscheck

发明人： Nicholas Duffield ,  Jacobus Van Der Merwe ,  Vyas Sekar ,  Oliver Spatscheck

IPC分类号： G06F12/14

CPC分类号： H04L63/1425 ,  H04L63/1458

摘要： A multi-staged framework for detecting and diagnosing Denial of Service attacks is disclosed in which a low-cost anomaly detection mechanism is first used to collect coarse data, such as may be obtained from Simple Network Management Protocol (SNMP) data flows. Such data is analyzed to detect volume anomalies that could possibly be indicative of a DDoS attack. If such an anomaly is suspected, incident reports are then generated and used to trigger the collection and analysis of fine grained data, such as that available in Netflow data flows. Both types of collection and analysis are illustratively conducted at edge routers within the service provider network that interface customers and customer networks to the service provider. Once records of the more detailed information have been retrieved, they are examined to determine whether the anomaly represents a distributed denial of service attack, at which point an alarm is generated.

摘要翻译： 公开了一种用于检测和诊断拒绝服务攻击的多阶段框架，其中首先使用低成本异常检测机制来收集粗略数据，例如可以从简单网络管理协议（SNMP）数据流中获得。 分析这些数据以检测可能表示DDoS攻击的体积异常。 如果怀疑出现这种异常，则会生成事件报告，并用于触发对Netflow数据流中可用的细粒度数据的收集和分析。 这两种类型的收集和分析在服务提供商网络中的边缘路由器上进行说明性地进行，其将客户和客户网络接入服务提供商。 一旦检索到更详细信息的记录，就检查它们以确定异常是否表示分布式拒绝服务攻击，此时产生警报。

公开(公告)号：US08856281B2

公开(公告)日：2014-10-07

申请号：US12728911

申请日：2010-03-22

申请人： Jacobus Van der Merwe ,  Seungjoon Lee ,  Oliver Spatscheck

发明人： Jacobus Van der Merwe ,  Seungjoon Lee ,  Oliver Spatscheck

IPC分类号： G06F15/16 ,  H04L29/12 ,  H04L29/08 ,  H04L25/03

CPC分类号： H04L67/1002 ,  H04L25/03923 ,  H04L29/12066 ,  H04L61/1511 ,  H04L61/6059 ,  H04L67/1008 ,  H04L67/101 ,  H04L67/1017 ,  H04L67/2842 ,  H04L67/288 ,  H04L67/327 ,  H04L67/42

摘要： A content delivery system includes a cache server, a domain name server, and a redirector. The domain name server is configured to receive a request for a cache server address, and provide an IPv6 anycast address. The redirector is configured to receive a content request addressed to the IPv6 anycast address from a client system, receive load information from the cache server, and determine if the cache server is available. The redirector is further configured to forward the content request to the cache server when the cache server is available. The cache server is configured to receive the content request forwarded from the redirectors, send a response to the content request to a client system, the response including an IPv6 unicast address of the cache server as a source address, an IPv6 unicast address of the client system as a destination address, and the IPv6 anycast address as a home address, and provide the content to the requestor.

摘要翻译： 内容传送系统包括缓存服务器，域名服务器和重定向器。 域名服务器配置为接收缓存服务器地址请求，并提供IPv6任播地址。 重定向器被配置为从客户端系统接收寻址到IPv6任播地址的内容请求，从缓存服务器接收负载信息，并确定缓存服务器是否可用。 重定向器还被配置为当缓存服务器可用时将内容请求转发到缓存服务器。 缓存服务器被配置为接收从重定向器转发的内容请求，向客户端系统发送对内容请求的响应，响应包括作为源地址的缓存服务器的IPv6单播地址，客户端的IPv6单播地址 系统作为目的地地址，将IPv6任播地址作为家庭地址，并向请求者提供内容。

公开(公告)号：US08560597B2

公开(公告)日：2013-10-15

申请号：US12580861

申请日：2009-10-16

申请人： Oliver Spatscheck ,  Seungjoon Lee ,  Michael Rabinovich ,  Jacobus Van der Merwe

发明人： Oliver Spatscheck ,  Seungjoon Lee ,  Michael Rabinovich ,  Jacobus Van der Merwe

IPC分类号： G06F15/16

CPC分类号： H04L67/42 ,  H04L67/1002 ,  H04L67/2842

摘要： A cache server for providing content includes a processor configured to receive a first datagram from a client system sent to an anycast address, send a response datagram to the client system in response to the first datagram, receive a request datagram from the client system sent to the anycast address, and send a batch of content datagrams to the client system. The first datagram includes a universal resource locator corresponding to the content. The response datagram includes a content identifier for the content. The request datagram includes the content identifier, an offset, and a bandwidth indicator. The batch of content datagrams includes a portion of the content starting at the offset.

公开(公告)号：US08205253B2

公开(公告)日：2012-06-19

申请号：US12854331

申请日：2010-08-11

申请人： Oliver Spatscheck ,  Jacobus Van der Merwe

发明人： Oliver Spatscheck ,  Jacobus Van der Merwe

IPC分类号： H04L29/06

CPC分类号： H04L63/1458

摘要： Described is a system and method for receiving a data packet including a destination address and a source address, the data packet corresponding to a port number, assigning an address risk value for the data packet based on the source address and a port risk value for the data packet based on the port number. The data packet is categorized into a community based on the source address, wherein the community is predefined by a user corresponding to the destination address, the community includes a utility value. The address risk value and the port risk value are compared to the utility value to yield a benefit coefficient and the data packet is treated based on the benefit coefficient.

摘要翻译： 描述了一种用于接收包括目的地地址和源地址的数据分组的系统和方法，对应于端口号的数据分组，基于源地址为数据分组分配地址风险值，并为 基于端口号的数据包。 基于源地址将数据分组分类为社区，其中社区由对应于目的地地址的用户预定义，社区包括效用值。 将地址风险值和端口风险值与效用值进行比较，得到有益系数，并根据效益系数对数据包进行处理。

公开(公告)号：US20110231475A1

公开(公告)日：2011-09-22

申请号：US12728911

申请日：2010-03-22

申请人： Jacobus Van der Merwe ,  Seungjoon Lee ,  Oliver Spatscheck

发明人： Jacobus Van der Merwe ,  Seungjoon Lee ,  Oliver Spatscheck

IPC分类号： G06F15/16 ,  G06F15/173

CPC分类号： H04L67/1002 ,  H04L25/03923 ,  H04L29/12066 ,  H04L61/1511 ,  H04L61/6059 ,  H04L67/1008 ,  H04L67/101 ,  H04L67/1017 ,  H04L67/2842 ,  H04L67/288 ,  H04L67/327 ,  H04L67/42

摘要： A content delivery system includes a cache server, a domain name server, and a redirector. The domain name server is configured to receive a request for a cache server address, and provide an IPv6 anycast address. The redirector is configured to receive a content request addressed to the IPv6 anycast address from a client system, receive load information from the cache server, and determine if the cache server is available. The redirector is further configured to forward the content request to the cache server when the cache server is available. The cache server is configured to receive the content request forwarded from the redirectors, send a response to the content request to a client system, the response including an IPv6 unicast address of the cache server as a source address, an IPv6 unicast address of the client system as a destination address, and the IPv6 anycast address as a home address, and provide the content to the requestor.

摘要翻译： 内容传送系统包括缓存服务器，域名服务器和重定向器。 域名服务器配置为接收缓存服务器地址请求，并提供IPv6任播地址。 重定向器被配置为从客户端系统接收寻址到IPv6任播地址的内容请求，从缓存服务器接收负载信息，并确定缓存服务器是否可用。 重定向器还被配置为当缓存服务器可用时将内容请求转发到缓存服务器。 缓存服务器被配置为接收从重定向器转发的内容请求，向客户端系统发送对内容请求的响应，响应包括作为源地址的缓存服务器的IPv6单播地址，客户端的IPv6单播地址 系统作为目的地地址，将IPv6任播地址作为家庭地址，并向请求者提供内容。

公开(公告)号：US20110214177A1

公开(公告)日：2011-09-01

申请号：US12854331

申请日：2010-08-11

申请人： Oliver Spatscheck ,  Jacobus Van der Merwe

发明人： Oliver Spatscheck ,  Jacobus Van der Merwe

IPC分类号： G06F21/00 ,  G06F15/16

CPC分类号： H04L63/1458

摘要： Described is a system and method for receiving a data packet including a destination address and a source address, the data packet corresponding to a port number, assigning an address risk value for the data packet based on the source address and a port risk value for the data packet based on the port number. The data packet is categorized into a community based on the source address, wherein the community is predefined by a user corresponding to the destination address, the community includes a utility value. The address risk value and the port risk value are compared to the utility value to yield a benefit coefficient and the data packet is treated based on the benefit coefficient.

摘要翻译： 描述了一种用于接收包括目的地地址和源地址的数据分组的系统和方法，与端口号相对应的数据分组，基于源地址为数据分组分配地址风险值，并为 基于端口号的数据包。 基于源地址将数据分组分类为社区，其中社区由对应于目的地地址的用户预定义，社区包括效用值。 将地址风险值和端口风险值与效用值进行比较，得到有益系数，并根据效益系数对数据包进行处理。

公开(公告)号：US20100153802A1

公开(公告)日：2010-06-17

申请号：US12335293

申请日：2008-12-15

申请人： Jacobus Van der Merwe ,  Oliver Spatscheck ,  Seungjoon Lee

发明人： Jacobus Van der Merwe ,  Oliver Spatscheck ,  Seungjoon Lee

IPC分类号： G06F15/16 ,  H04L1/18 ,  G06F11/14

CPC分类号： H04L12/1868 ,  H04L12/1881 ,  H04L12/1886 ,  H04L41/509 ,  H04L67/1002 ,  H04L67/101 ,  H04L67/28 ,  H04L67/2838

摘要： A system includes first, second, and third content servers, and an edge server. The first, second, and third content servers each are configured to cache content. The edge server is in communication with the first, second, and third content servers. The edge server is configured to receive a content request, and to request different portions of the content from each of the first, second, and third content servers based on a network cost of each of the first, second, and third content servers.

摘要翻译： 系统包括第一，第二和第三内容服务器和边缘服务器。 第一，第二和第三内容服务器被配置为缓存内容。 边缘服务器与第一，第二和第三内容服务器通信。 边缘服务器被配置为基于第一，第二和第三内容服务器中的每一个的网络成本来接收内容请求，并且从第一内容服务器，第二内容服务器和第三内容服务器中的每一个请求不同部分内容。

公开(公告)号：US07797738B1

公开(公告)日：2010-09-14

申请号：US11304147

申请日：2005-12-14

申请人： Oliver Spatscheck ,  Jacobus Van der Merwe

发明人： Oliver Spatscheck ,  Jacobus Van der Merwe

IPC分类号： G06F21/20

CPC分类号： H04L63/1458

摘要： Described is a system and method for receiving a data packet including a destination address and a source address, the data packet corresponding to a port number, assigning an address risk value for the data packet based on the source address and a port risk value for the data packet based on the port number. The data packet is categorized into a community based on the source address, wherein the community is predefined by a user corresponding to the destination address, the community includes a utility value. The address risk value and the port risk value are compared to the utility value to yield a benefit coefficient and the data packet is treated based on the benefit coefficient.

摘要翻译： 描述了一种用于接收包括目的地地址和源地址的数据分组的系统和方法，对应于端口号的数据分组，基于源地址为数据分组分配地址风险值，并为 基于端口号的数据包。 基于源地址将数据分组分类为社区，其中社区由对应于目的地地址的用户预定义，社区包括效用值。 将地址风险值和端口风险值与效用值进行比较，得到有益系数，并根据效益系数对数据包进行处理。