-
公开(公告)号:US10129296B2
公开(公告)日:2018-11-13
申请号:US15603256
申请日:2017-05-23
Applicant: CLOUDFLARE, INC.
Inventor: Lee Hahn Holloway , Srikanth N. Rao , Matthew Browning Prince , Matthieu Philippe François Tourne , Ian Gerald Pye , Ray Raymond Bejjani , Terry Paul Rodery, Jr.
Abstract: A proxy server in a cloud-based proxy service receives a message that indicates that a domain, whose traffic passes through the proxy server, may be under a denial-of-service (DoS) attack. The proxy server enables a rule for the domain that specifies that future requests for resources at that domain are subject to at least initially passing a set of one or more challenges. In response to receiving a request for a resource of that domain from a visitor, the proxy server presents the set of challenges that, if not passed, are an indication that that the visitor is part of the DoS attack. If the set of challenges are passed, the request may be processed. If the set of challenges are not passed, the request may be dropped.
-
公开(公告)号:US10574690B2
公开(公告)日:2020-02-25
申请号:US15489421
申请日:2017-04-17
Applicant: CloudFlare, Inc.
Inventor: Lee Hahn Holloway , Srikanth N. Rao , Matthew Browning Prince , Matthieu Philippe François Tourne , Ian Gerald Pye , Ray Raymond Bejjani , Terry Paul Rodery, Jr.
Abstract: A cloud-based proxy service identifies a denial-of-service (DoS) attack including determining that there is a potential DoS attack being directed to an IP address of the cloud-based proxy service; and responsive to determining that there are a plurality of domains that resolve to that IP address, identifying the one of the plurality of domains that is the target of the DoS attack. The domain that is under attack is identified by scattering the plurality of domains to resolve to different IP addresses, where a result of the scattering is that each of those domains resolves to a different IP address, and identifying one of those plurality of domains as the target of the DoS attack by determining that there is an abnormally high amount of traffic being directed to the IP address in which that domain resolves.
-
公开(公告)号:US10581904B2
公开(公告)日:2020-03-03
申请号:US15585090
申请日:2017-05-02
Applicant: CloudFlare, Inc.
Inventor: Lee Hahn Holloway , Srikanth N. Rao , Matthew Browning Prince , Matthieu Philippe François Tourne , Ian Gerald Pye , Ray Raymond Bejjani , Terry Paul Rodery, Jr.
Abstract: Message(s) are received from each one of multiple proxy servers, which are anycasted to the same IP address, that indicate source IP addresses of packets that are received that are directed to that same IP address. These proxy servers receive the packets as result of domain(s) resolving to that same IP address, and a particular one of the proxy servers receives the packets as a result of an anycast protocol implementation selecting that proxy server. Based on these message(s) from each of the proxy servers, a determination of the likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers is determined. A message is transmitted to each of the proxy servers that indicates which source IP addresses of packets are not likely to be legitimately received at that proxy server.
-
公开(公告)号:US09661020B2
公开(公告)日:2017-05-23
申请号:US14509010
申请日:2014-10-07
Applicant: CloudFlare, Inc.
Inventor: Lee Hahn Holloway , Srikanth N. Rao , Matthew Browning Prince , Matthieu Philippe François Tourne , Ian Gerald Pye , Ray Raymond Bejjani , Terry Paul Rodery, Jr.
IPC: H04L29/06
CPC classification number: H04L63/1458 , G06F21/552 , G06F21/577 , H04L63/0281 , H04L63/1408 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/1466 , H04L63/20
Abstract: A proxy server in a cloud-based proxy service receives a message that indicates that a domain, whose traffic passes through the proxy server, may be under a denial-of-service (DoS) attack. The proxy server enables a rule for the domain that specifies that future requests for resources at that domain are subject to at least initially passing a set of one or more challenges. In response to receiving a request for a resource of that domain from a visitor, the proxy server presents the set of challenges that, if not passed, are an indication that that the visitor is part of the DoS attack. If the set of challenges are passed, the request may be processed. If the set of challenges are not passed, the request may be dropped.
-
Patent Agency Ranking
公开(公告)号:US09628509B2
公开(公告)日:2017-04-18
申请号:US14109815
申请日:2013-12-17
Applicant: CloudFlare, Inc.
Inventor: Lee Hahn Holloway , Srikanth N. Rao , Matthew Browning Prince , Matthieu Philippe François Tourne , Ian Gerald Pye , Ray Raymond Bejjani , Terry Paul Rodery, Jr.
IPC: H04L29/06
CPC classification number: H04L63/1458 , G06F21/552 , G06F21/577 , H04L63/0281 , H04L63/1408 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/1466 , H04L63/20
Abstract: A cloud-based proxy service identifies a denial-of-service (DoS) attack including determining that there is a potential DoS attack being directed to an IP address of the cloud-based proxy service; and responsive to determining that there are a plurality of domains that resolve to that IP address, identifying the one of the plurality of domains that is the target of the DoS attack. The domain that is under attack is identified by scattering the plurality of domains to resolve to different IP addresses, where a result of the scattering is that each of those domains resolves to a different IP address, and identifying one of those plurality of domains as the target of the DoS attack by determining that there is an abnormally high amount of traffic being directed to the IP address in which that domain resolves.
-
公开(公告)号:US11818167B2
公开(公告)日:2023-11-14
申请号:US17509829
申请日:2021-10-25
Applicant: CloudFlare, Inc.
Inventor: Lee Hahn Holloway , Srikanth N. Rao , Matthew Browning Prince , Matthieu Philippe François Tourne , Ian Gerald Pye , Ray Raymond Bejjani , Terry Paul Rodery, Jr.
CPC classification number: H04L63/1458 , G06F21/552 , G06F21/577 , H04L63/0281 , H04L63/1408 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/1466 , H04L63/20
Abstract: An authoritative DNS server receives DNS requests for domains. The authoritative DNS server responds to the requests with address records that include IP addresses that are selected from a larger pool of IP addresses, where a first response to a DNS query for a domain can include IP addresses different from IP addresses included in a second response for the same domain. Also, the same IP addresses may be returned for a first domain and a different, second domain. The authoritative DNS server may randomly select the IP addresses to include in responses to the requests regardless of the domain.
-
公开(公告)号:US11159563B2
公开(公告)日:2021-10-26
申请号:US16800175
申请日:2020-02-25
Applicant: Cloudflare, Inc.
Inventor: Lee Hahn Holloway , Srikanth N. Rao , Matthew Browning Prince , Matthieu Philippe François Tourne , Ian Gerald Pye , Ray Raymond Bejjani , Terry Paul Rodery, Jr.
Abstract: A cloud-based proxy service identifies a denial-of-service (DoS) attack including determining that there is a potential DoS attack being directed to an IP address of the cloud-based proxy service; and responsive to determining that there are a plurality of domains that resolve to that IP address, identifying the one of the plurality of domains that is the target of the DoS attack. The domain that is under attack is identified by scattering the plurality of domains to resolve to different IP addresses, where a result of the scattering is that each of those domains resolves to a different IP address, and identifying one of those plurality of domains as the target of the DoS attack by determining that there is an abnormally high amount of traffic being directed to the IP address in which that domain resolves.
-
公开(公告)号:US10511624B2
公开(公告)日:2019-12-17
申请号:US16188247
申请日:2018-11-12
Applicant: CLOUDFLARE, INC.
Inventor: Lee Hahn Holloway , Srikanth N. Rao , Matthew Browning Prince , Matthieu Philippe François Tourne , Ian Gerald Pye , Ray Raymond Bejjani , Terry Paul Rodery, Jr.
Abstract: A proxy server in a cloud-based proxy service receives a message that indicates that a domain, whose traffic passes through the proxy server, may be under a denial-of-service (DoS) attack. The proxy server enables a rule for the domain that specifies that future requests for resources at that domain are subject to at least initially passing a set of one or more challenges. In response to receiving a request for a resource of that domain from a visitor, the proxy server presents the set of challenges that, if not passed, are an indication that that the visitor is part of the DoS attack. If the set of challenges are passed, the request may be processed. If the set of challenges are not passed, the request may be dropped.
-
公开(公告)号:US09641549B2
公开(公告)日:2017-05-02
申请号:US14172823
申请日:2014-02-04
Applicant: CloudFlare, Inc.
Inventor: Lee Hahn Holloway , Srikanth N. Rao , Matthew Browning Prince , Matthieu Philippe François Tourne , Ian Gerald Pye , Ray Raymond Bejjani , Terry Paul Rodery, Jr.
IPC: H04L29/06
CPC classification number: H04L63/1458 , G06F21/552 , G06F21/577 , H04L63/0281 , H04L63/1408 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/1466 , H04L63/20
Abstract: Message(s) are received from each one of multiple proxy servers, which are anycasted to the same IP address, that indicate source IP addresses of packets that are received that are directed to that same IP address. These proxy servers receive the packets as result of domain(s) resolving to that same IP address, and a particular one of the proxy servers receives the packets as a result of an anycast protocol implementation selecting that proxy server. Based on these message(s) from each of the proxy servers, a determination of the likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers is determined. A message is transmitted to each of the proxy servers that indicates which source IP addresses of packets are not likely to be legitimately received at that proxy server.
-
-
-
-
-
-
-
-
Search Results
9
records
(took 0.018 seconds)
