US 9,813,314 B2
Mitigating reflection-based network attacks
Jean-Philippe Vasseur, Saint Martin d'Uriage (FR); and Sukrit Dasgupta, Norwood, MA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Jul. 21, 2014, as Appl. No. 14/336,106.
Prior Publication US 2016/0020969 A1, Jan. 21, 2016
Int. Cl. H04J 1/16 (2006.01); H04L 12/26 (2006.01); H04L 12/28 (2006.01); H04L 29/06 (2006.01)
CPC H04L 43/062 (2013.01) [H04L 12/2854 (2013.01); H04L 63/00 (2013.01)] 19 Claims
OG exemplary drawing
 
8. An apparatus, comprising:
one or more network interfaces to communicate with a network;
a processor coupled to the network interfaces and configured to execute one or more processes; and
a memory configured to store a process executable by the processor, the process when executed operable to:
route traffic along a network path;
receive a performance threshold crossing alert regarding performance of the network path;
detect that the performance threshold crossing alert is part of a potential network attack by analyzing the performance threshold crossing alert, wherein the detection distinguishes performance threshold crossing alerts from legitimate entities from performance threshold crossing alerts from malicious entities;
provide a notification of the detected network attack;
generate one or more keys and one or more seed values;
perform handshaking with a second network device located along the network path by exchanging keys and seed values;
receive a performance threshold crossing alert from the second network device, wherein the alert from the second network device is digitally signed using a particular key generated using the exchanged seed values; and
validate the alert from the second network device received from the second network device using one of the exchanged keys.
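The signed-alert exchange described in claim 8, as an added Python example that is not part of the patent: two devices on the path exchange seed values in a handshake, derive a shared key from both seeds, sign each performance threshold crossing alert, and reject alerts that fail validation. The choice of HMAC-SHA256 for the key derivation and the tag, the alert fields, and the sequence-number replay check are assumptions.

```python
import hmac
import hashlib
import json

# Constructed example: two routers along a network path exchange seeds during a
# handshake and derive a shared key for signing threshold crossing alerts (TCAs).
# The KDF and MAC (HMAC-SHA256) are assumptions, not specified by the patent.


def derive_alert_key(seed_a: bytes, seed_b: bytes) -> bytes:
    """Derive the alert-signing key from both exchanged seeds (order-independent)."""
    first, second = sorted((seed_a, seed_b))
    return hashlib.sha256(b"tca-alert-key|" + first + b"|" + second).digest()


def canonical(alert: dict) -> bytes:
    """Serialize alert fields deterministically so signer and verifier hash the same bytes."""
    return json.dumps(alert, sort_keys=True, separators=(",", ":")).encode()


def sign_alert(alert: dict, key: bytes) -> dict:
    """Attach an HMAC tag over the alert (path, metric, value, threshold, sequence number)."""
    tag = hmac.new(key, canonical(alert), hashlib.sha256).hexdigest()
    return {"alert": alert, "tag": tag}


def validate_alert(signed: dict, key: bytes, last_seq: int) -> bool:
    """Accept only alerts whose tag verifies under the derived key and whose sequence advances."""
    expected = hmac.new(key, canonical(signed["alert"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed["tag"]):
        return False  # forged or tampered alert, e.g. from a device that never did the handshake
    return signed["alert"]["seq"] > last_seq  # replayed alerts are rejected


if __name__ == "__main__":
    seed_router_a = bytes(16)           # constructed seeds; real devices use random values
    seed_router_b = b"\xff" * 16
    key = derive_alert_key(seed_router_a, seed_router_b)
    tca = {"path": "R1->R2", "metric": "delay_ms", "value": 180, "threshold": 150, "seq": 7}
    signed = sign_alert(tca, key)
    print("legit:", validate_alert(signed, key, last_seq=6))        # True
    forged = sign_alert(tca, derive_alert_key(b"x", b"y"))           # sender lacks the seeds
    print("forged:", validate_alert(forged, key, last_seq=6))        # False
    tampered = {"alert": {**tca, "value": 900}, "tag": signed["tag"]}
    print("tampered:", validate_alert(tampered, key, last_seq=6))    # False
```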