(19) United States
(12) Patent Application Publication (10) Pub. No.: US 2002/0031134 A1
Poletto et al. (43) Pub. Date: Mar. 14, 2002
(54) DEVICE TO PROTECT VICTIM SITES
DURING DENIAL OF SERVICE ATTACKS
(76) Inventors: Massimiliano Antonio Poletto,
Cambridge, MA (US); Edward W.
Kohler JR., Oakland, CA (US)
DENIS G. MALONEY
Fish & Richardson P.C.
225 Franklin Street
Boston, MA 02110-2804 (US)
(21) Appl. No.: 09/931,344
(22) Filed: Aug. 16, 2001
Related U.S. Application Data
(63) Non-provisional of provisional application No. 60/230,759, filed on Sep. 7, 2000.
(51) Int. Cl.7 H04L 12/28; H04L 12/56
(52) U.S. Cl. 370/401; 709/238
A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway device is disposed to pass network packets between the network and the victim site. The gateway is disposed to protect the victim site, and is coupled to the control center by the redundant hardened network.