Patents by Inventor Michael Feldpusch
Michael Feldpusch has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240146576Abstract: One or more encapsulation tunnel aggregator devices are distributed across a provider's network. The tunnel aggregator device(s) may receive clean return traffic from a managed security router (MSR) and route the traffic to a customer endpoint via an encapsulation tunnel, thereby reducing the routing burden on the MSR. The tunnel aggregator device(s) may be deployed in physical or logical proximity to an MSR, which may facilitate the routing of return traffic from the MSR to the tunnel aggregator device(s), for ultimate transmission to a customer endpoint. In other examples, a tunnel aggregator device may be deployed in proximity to other provider network resources, such as a provider edge router.Type: ApplicationFiled: October 27, 2023Publication date: May 2, 2024Applicant: Level 3 Communications, LLCInventors: Michael FELDPUSCH, William HOXWORTH
-
Publication number: 20240146762Abstract: Systems and methods for improved intelligent manipulation of distributed-denial-of-service (DDoS) attack traffic are provided. In implementations, a method may include receiving, at a traffic management system, a mirrored first stream of packets from a router on a first link and a mirrored second stream of packets from the router on a second link. The method may further include determining flow information about the first stream. In examples, the flow information may indicate that a challenge to a particular source IP address has been issued to test the legitimacy of the source IP address. The method may further include sending, by the traffic management system, a routing policy update based on the flow information.Type: ApplicationFiled: October 11, 2023Publication date: May 2, 2024Applicant: Level 3 Communications, LLCInventors: Christian JENSEN, Michael FELDPUSCH
-
Publication number: 20240113999Abstract: Systems and methods are provided for distributing a domain name service (DNS) response cache in a DNS resolving system on a network.Type: ApplicationFiled: December 14, 2023Publication date: April 4, 2024Applicant: Level 3 Communications, LLCInventors: Michael Feldpusch, Dan Luther
-
Publication number: 20240048588Abstract: Systems and methods for dynamically mitigating a DDOS attack. In an aspect, the technology relates to a computer-implemented method for dynamically mitigating a distributed-denial-of-service (DDOS) attack. The computer-implemented method may include detecting a DDOS attack directing malicious traffic to a target, identifying one or more source locations of the malicious traffic, and in response to detecting the DDOS attack, activating one or more scrub clusters in the identified one or more source locations of the malicious traffic. The method may further include directing traffic intended for the target to the to the activated one or more scrub clusters, detecting an end of the DDOS attack, and in response to detecting the end of the DDOS attack, deactivating the one or more scrub clusters to release hardware resources.Type: ApplicationFiled: October 20, 2023Publication date: February 8, 2024Applicant: Level 3 Communications, LLCInventor: Michael Feldpusch
-
Patent number: 11848911Abstract: Systems and methods are provided for distributing a domain name service (DNS) response cache in a DNS resolving system on a network. The systems and methods described herein may improve response times for client queries and also protect the DNS resolving system from DNS related cyber attacks.Type: GrantFiled: December 12, 2022Date of Patent: December 19, 2023Assignee: Level 3 Communications, LLCInventors: Michael Feldpusch, Dan Luther
-
Patent number: 11799902Abstract: Systems and methods for dynamically mitigating a DDOS attack. In an aspect, the technology relates to a computer-implemented method for dynamically mitigating a distributed-denial-of-service (DDOS) attack. The computer-implemented method may include detecting a DDOS attack directing malicious traffic to a target, identifying one or more source locations of the malicious traffic, and in response to detecting the DDOS attack, activating one or more scrub clusters in the identified one or more source locations of the malicious traffic. The method may further include directing traffic intended for the target to the to the activated one or more scrub clusters, detecting an end of the DDOS attack, and in response to detecting the end of the DDOS attack, deactivating the one or more scrub clusters to release hardware resources.Type: GrantFiled: April 6, 2021Date of Patent: October 24, 2023Assignee: Level 3 Communications, LLCInventor: Michael Feldpusch
-
Publication number: 20230113446Abstract: FlowSpec is a mechanism for distributing rules to routers in a network. Such rules may be used, for example, to drop traffic associated with a distributed denial of service attack. However, a malformed or incorrect FlowSpec announcement may, if distributed in the network, cause legitimate traffic to be dropped, degrading the service experienced by legitimate users. As such, systems and methods for avoiding the distribution of malformed FlowSpec announcements are provided.Type: ApplicationFiled: August 9, 2022Publication date: April 13, 2023Applicant: Level 3 Communications, LLCInventors: Michael FELDPUSCH, Christian JENSEN, Lisa HARENSKI, William HOXWORTH
-
Publication number: 20230106413Abstract: Systems and methods are provided for distributing a domain name service (DNS) response cache in a DNS resolving system on a network.Type: ApplicationFiled: December 12, 2022Publication date: April 6, 2023Applicant: Level 3 Communications, LLCInventors: Michael Feldpusch, Dan Luther
-
Patent number: 11533291Abstract: Systems and methods are provided for distributing a domain name service (DNS) response cache in a DNS resolving system on a network. The systems and methods described herein may improve response times for client queries and also protect the DNS resolving system from DNS related cyber attacks.Type: GrantFiled: April 18, 2022Date of Patent: December 20, 2022Assignee: Level 3 Communications, LLCInventors: Michael Feldpusch, Dan Luther
-
Publication number: 20220400099Abstract: Systems and methods are provided for distributing a domain name service (DNS) response cache in a DNS resolving system on a network.Type: ApplicationFiled: April 18, 2022Publication date: December 15, 2022Applicant: Level 3 Communications, LLCInventors: Michael Feldpusch, Dan Luther
-
Publication number: 20220394059Abstract: Systems and methods for improved DDoS mitigation by utilizing lightweight and tuned mitigation techniques are provided. A lightweight, tuned DDoS system provides protection from DDoS attacks by hosting a container hypervisor on a server that is isolated from other server processes. The container hypervisor may include protection containers and forensic containers. Traffic received at the server is directed through the protection containers to filter out malicious traffic prior to valid traffic being sent to other system processes. The protection containers may be specifically tuned to the service provided by the server. Additionally, malicious traffic may be directed from the protection containers to the forensics containers for extraction of forensic information to be directed to external threat intelligence systems for analysis.Type: ApplicationFiled: June 8, 2022Publication date: December 8, 2022Inventors: Michael FELDPUSCH, Peter BRECL, Dan LUTHER
-
Publication number: 20220038493Abstract: Systems and methods for dynamically mitigating a DDOS attack. In an aspect, the technology relates to a computer-implemented method for dynamically mitigating a distributed-denial-of-service (DDOS) attack. The computer-implemented method may include detecting a DDOS attack directing malicious traffic to a target, identifying one or more source locations of the malicious traffic, and in response to detecting the DDOS attack, activating one or more scrub clusters in the identified one or more source locations of the malicious traffic. The method may further include directing traffic intended for the target to the to the activated one or more scrub clusters, detecting an end of the DDOS attack, and in response to detecting the end of the DDOS attack, deactivating the one or more scrub clusters to release hardware resources.Type: ApplicationFiled: April 6, 2021Publication date: February 3, 2022Applicant: Level 3 Communications, LLCInventor: Michael Feldpusch