Abstract: One or more encapsulation tunnel aggregator devices are distributed across a provider's network. The tunnel aggregator device(s) may receive clean return traffic from a managed security router (MSR) and route the traffic to a customer endpoint via an encapsulation tunnel, thereby reducing the routing burden on the MSR. The tunnel aggregator device(s) may be deployed in physical or logical proximity to an MSR, which may facilitate the routing of return traffic from the MSR to the tunnel aggregator device(s), for ultimate transmission to a customer endpoint. In other examples, a tunnel aggregator device may be deployed in proximity to other provider network resources, such as a provider edge router.

Abstract: Systems and methods for improved intelligent manipulation of distributed-denial-of-service (DDoS) attack traffic are provided. In implementations, a method may include receiving, at a traffic management system, a mirrored first stream of packets from a router on a first link and a mirrored second stream of packets from the router on a second link. The method may further include determining flow information about the first stream. In examples, the flow information may indicate that a challenge to a particular source IP address has been issued to test the legitimacy of the source IP address. The method may further include sending, by the traffic management system, a routing policy update based on the flow information.

Abstract: Systems and methods are provided for distributing a domain name service (DNS) response cache in a DNS resolving system on a network.

Abstract: Systems and methods for dynamically mitigating a DDOS attack. In an aspect, the technology relates to a computer-implemented method for dynamically mitigating a distributed-denial-of-service (DDOS) attack. The computer-implemented method may include detecting a DDOS attack directing malicious traffic to a target, identifying one or more source locations of the malicious traffic, and in response to detecting the DDOS attack, activating one or more scrub clusters in the identified one or more source locations of the malicious traffic. The method may further include directing traffic intended for the target to the to the activated one or more scrub clusters, detecting an end of the DDOS attack, and in response to detecting the end of the DDOS attack, deactivating the one or more scrub clusters to release hardware resources.

Abstract: Systems and methods are provided for distributing a domain name service (DNS) response cache in a DNS resolving system on a network. The systems and methods described herein may improve response times for client queries and also protect the DNS resolving system from DNS related cyber attacks.

Abstract: Systems and methods for dynamically mitigating a DDOS attack. In an aspect, the technology relates to a computer-implemented method for dynamically mitigating a distributed-denial-of-service (DDOS) attack. The computer-implemented method may include detecting a DDOS attack directing malicious traffic to a target, identifying one or more source locations of the malicious traffic, and in response to detecting the DDOS attack, activating one or more scrub clusters in the identified one or more source locations of the malicious traffic. The method may further include directing traffic intended for the target to the to the activated one or more scrub clusters, detecting an end of the DDOS attack, and in response to detecting the end of the DDOS attack, deactivating the one or more scrub clusters to release hardware resources.

Abstract: FlowSpec is a mechanism for distributing rules to routers in a network. Such rules may be used, for example, to drop traffic associated with a distributed denial of service attack. However, a malformed or incorrect FlowSpec announcement may, if distributed in the network, cause legitimate traffic to be dropped, degrading the service experienced by legitimate users. As such, systems and methods for avoiding the distribution of malformed FlowSpec announcements are provided.

Abstract: Systems and methods are provided for distributing a domain name service (DNS) response cache in a DNS resolving system on a network.

Abstract: Systems and methods are provided for distributing a domain name service (DNS) response cache in a DNS resolving system on a network. The systems and methods described herein may improve response times for client queries and also protect the DNS resolving system from DNS related cyber attacks.

Abstract: Systems and methods are provided for distributing a domain name service (DNS) response cache in a DNS resolving system on a network.

Abstract: Systems and methods for improved DDoS mitigation by utilizing lightweight and tuned mitigation techniques are provided. A lightweight, tuned DDoS system provides protection from DDoS attacks by hosting a container hypervisor on a server that is isolated from other server processes. The container hypervisor may include protection containers and forensic containers. Traffic received at the server is directed through the protection containers to filter out malicious traffic prior to valid traffic being sent to other system processes. The protection containers may be specifically tuned to the service provided by the server. Additionally, malicious traffic may be directed from the protection containers to the forensics containers for extraction of forensic information to be directed to external threat intelligence systems for analysis.

Abstract: Systems and methods for dynamically mitigating a DDOS attack. In an aspect, the technology relates to a computer-implemented method for dynamically mitigating a distributed-denial-of-service (DDOS) attack. The computer-implemented method may include detecting a DDOS attack directing malicious traffic to a target, identifying one or more source locations of the malicious traffic, and in response to detecting the DDOS attack, activating one or more scrub clusters in the identified one or more source locations of the malicious traffic. The method may further include directing traffic intended for the target to the to the activated one or more scrub clusters, detecting an end of the DDOS attack, and in response to detecting the end of the DDOS attack, deactivating the one or more scrub clusters to release hardware resources.