专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2012096740A1 ACTIVE VALIDATION FOR DDOS AND SSL DDOS ATTACKS 审中-公开
标题翻译： DDOS和SSL DDOS攻击的主动验证
公开(公告)号：WO2012096740A1
公开(公告)日：2012-07-19
申请号：PCT/US2011/064328
申请日：2011-12-12
申请人： VERISIGN, INC. , BHOGAVILLI, Suresh , GUIMARAES, Roberto , PANDRANGI, Ramakant , SCALZO, Frank
发明人： BHOGAVILLI, Suresh , GUIMARAES, Roberto , PANDRANGI, Ramakant , SCALZO, Frank
IPC分类号： H04L9/32 , H04L29/06
CPC分类号： H04L63/1416 , H04L9/0825 , H04L63/0428 , H04L63/1458 , H04L67/02 , H04L2463/141 , H04L2463/144
摘要： Methods and systems for detecting and responding to Denial of Service ("DoS") attacks comprise: detecting a DoS attack or potential DoS attack against a first server system comprising one or more servers; receiving, at a second server system comprising one or more servers, network traffic directed to the first server system; subjecting requesting clients to one or more challenge mechanisms, the challenge mechanisms including one or more of challenging requesting clients to follow through HTTP redirect responses, challenging requesting clients to request Secure Sockets Layer (SSL) session resumption, or challenging requesting clients to store and transmit HTTP cookies; identifying one or more non-suspect clients, the one or more suspect clients corresponding to requesting clients that successfully complete the one or more challenge mechanisms; identifying one or more suspect clients, the one or more suspect clients corresponding to requesting clients that do not successfully complete the one or more challenge mechanisms; and forwarding, by the second server system, traffic corresponding to the one or more non-suspect clients to the first server system. Once a client has been validated, clients may communicate directly with application servers in a secure manner by transparently passing through one or more intermediary proxy servers.
摘要翻译：用于检测和响应拒绝服务（“DoS”）攻击的方法和系统包括：检测对包括一个或多个服务器的第一服务器系统的DoS攻击或潜在DoS攻击; 在包括一个或多个服务器的第二服务器系统处接收指向所述第一服务器系统的网络流量; 对请求客户端进行一个或多个挑战机制，挑战机制包括一个或多个挑战性请求客户端遵循HTTP重定向响应，挑战请求客户端请求安全套接字层（SSL）会话恢复，或挑战请求客户端存储和发送 HTTP Cookie; 识别一个或多个非可疑客户端，所述一个或多个可疑客户端对应于成功完成所述一个或多个挑战机制的请求客户端; 识别一个或多个可疑客户端，所述一个或多个可疑客户端对应于未成功完成所述一个或多个挑战机制的请求客户端; 以及由所述第二服务器系统将对应于所述一个或多个非可疑客户端的流量转发到所述第一服务器系统。一旦客户端被验证，客户端可以通过透明地通过一个或多个中间代理服务器以安全的方式直接与应用服务器通信。

2. 发明申请

WO2011075368A1 LOCKLESS QUEUES 审中-公开
标题翻译：无拘无束的队友
公开(公告)号：WO2011075368A1
公开(公告)日：2011-06-23
申请号：PCT/US2010/059545
申请日：2010-12-08
申请人： VERISIGN, INC. , RODRIGUES, Roberto , BHOGAVILLI, Suresh
发明人： RODRIGUES, Roberto , BHOGAVILLI, Suresh
IPC分类号： G06F9/46
CPC分类号： G06F9/544 , G06F9/526
摘要： A method for passing data from a first processing thread to a second processing thread, wherein the first processing thread produces data to be processed by the second processing thread. The data from the first processing thread may be inserted into objects that in turn are inserted into a queue ob objects to be processed by the second thread. The queue may be a circular array, wherein the array includes a pointer to a head and a pointer to a tail, wherein only the first processing thread modifies the tail pointer and only the second processing thread modifies the head pointer.
摘要翻译：一种将数据从第一处理线程传递到第二处理线程的方法，其中第一处理线程产生要由第二处理线程处理的数据。可以将来自第一处理线程的数据插入到另一个被第二线程处理的队列ob对象中的对象中。队列可以是圆形阵列，其中阵列包括指向头部的指针和指向尾部的指针，其中只有第一处理线程修改尾指针，并且仅第二处理线程修改头指针。

3. 发明申请

WO2011025854A1 METHOD FOR OPTIMIZING A ROUTE CACHE 审中-公开
标题翻译：优化路由缓存的方法
公开(公告)号：WO2011025854A1
公开(公告)日：2011-03-03
申请号：PCT/US2010/046741
申请日：2010-08-26
申请人： VERISIGN, INC. , BHOGAVILLI, Suresh Kumar , WILEY, Glen Stuart
发明人： BHOGAVILLI, Suresh Kumar , WILEY, Glen Stuart
IPC分类号： H04L12/56
CPC分类号： H04L63/1458 , H04L45/742
摘要： A system and method for managing a route cache to reduce the risk of disruption from denial of service attacks. All traffic arriving on a front interface from local (on-link) nodes (e.g., neighbor nodes) can be treated normally. However, for packets arriving from remote (off-link) sources addressed to a given destination IP address, a single, shared route cache entry can be used. The source-address field in this entry can be zeroed-out since it will not be used for traffic coming from any one source. Similarly, for all packets going to off-link destinations through the front-interface, another single shared route cache entry can be created and used. The destination-address field in this entry can be zeroed out since it will not be used for traffic going to any one destination.
摘要翻译：一种用于管理路由缓存以减少来自拒绝服务攻击的中断风险的系统和方法。从本地（在线）节点（例如邻居节点）到达前端接口的所有流量都可以正常处理。然而，对于从寻址到给定目的地IP地址的远程（非链路）源到达的分组，可以使用单个共享路由高速缓存条目。该条目中的源地址字段可以被清零，因为它不会用于来自任何一个源的流量。类似地，对于通过前端接口去链路目的地的所有数据包，可以创建和使用另一个单独的共享路由缓存条目。此条目中的目标地址字段可以清零，因为它不会用于到任何一个目的地的流量。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式