Abstract: The present application describes systems and methods for filtering of malicious domain name system (DNS) queries. A DNS filter inspects a DNS query and drops the DNS query if the DNS query is deemed invalid. The DNS filter allows or drops the DNS query based on a set of rules. The set of rules includes one or more criteria for the validity or invalidity one or more DNS query attributes. The DNS filter logs the dropped DNS queries and provides them to the security analysis service for further investigation. In some examples, the DNS filter runs in a container or a virtual machine (VM) on the same system as the DNS server, or on a separate system in-line with the DNS servers.

Abstract: A network filter request arbiter is provided. An interface (e.g., user interface and/or programmatic interface, such as an application programming interface (API)), is for configuring and automatically implementing one or more filters in an internal and/or external network. The filters may be used to stop distributed denial of service (DDOS) attacks and/or prevent malicious network traffic from reaching a target network or target device(s) within the target network. Filters implemented in a target network may also be distributed to other (e.g., upstream) networks. The distributed filters may similarly be used to stop DDOS attacks and/or prevent malicious network traffic from being carried by the networks and from reaching a target network or target device(s) within the target network.

Abstract: The present application describes systems and methods for secured network information transmission. A network tunnel may be established from a customer premises equipment (CPE) to a routing device at a provider site. The network tunnel may traverse over one or more networks while maintaining a secure path for data. A customer may indicate a chosen configuration for a CPE, and a device at a provider site, a customer device, and/or the CPE itself may automatically, or manually, configure the CPE based on the chosen configuration to allow and/or disallow certain customer network information from being received and/or transmitted through the network tunnel.

Abstract: Systems and methods for dynamically mitigating a DDOS attack. In an aspect, the technology relates to a computer-implemented method for dynamically mitigating a distributed-denial-of-service (DDOS) attack. The computer-implemented method may include detecting a DDOS attack directing malicious traffic to a target, identifying one or more source locations of the malicious traffic, and in response to detecting the DDOS attack, activating one or more scrub clusters in the identified one or more source locations of the malicious traffic. The method may further include directing traffic intended for the target to the to the activated one or more scrub clusters, detecting an end of the DDOS attack, and in response to detecting the end of the DDOS attack, deactivating the one or more scrub clusters to release hardware resources.

Abstract: FlowSpec is a mechanism for distributing rules to routers in a network. Such rules may be used, for example, to drop traffic associated with a distributed denial of service attack. However, a malformed or incorrect FlowSpec announcement may, if distributed in the network, cause legitimate traffic to be dropped, degrading the service experienced by legitimate users. As such, systems and methods for avoiding the distribution of malformed FlowSpec announcements are provided.

Abstract: Systems and methods are provided for distributing a domain name service (DNS) response cache in a DNS resolving system on a network. The systems and methods described herein may improve response times for client queries and also protect the DNS resolving system from DNS related cyber attacks.

Abstract: FlowSpec is a mechanism for distributing rules to routers in a network. Such rules may be used, for example, to drop traffic associated with a distributed denial of service attack. However, a malformed or incorrect FlowSpec announcement may, if distributed in the network, cause legitimate traffic to be dropped, degrading the service experienced by legitimate users. As such, systems and methods for avoiding the distribution of malformed FlowSpec announcements are provided.

Abstract: One or more encapsulation tunnel aggregator devices are distributed across a provider's network. The tunnel aggregator device(s) may receive clean return traffic from a managed security router (MSR) and route the traffic to a customer endpoint via an encapsulation tunnel, thereby reducing the routing burden on the MSR. The tunnel aggregator device(s) may be deployed in physical or logical proximity to an MSR, which may facilitate the routing of return traffic from the MSR to the tunnel aggregator device(s), for ultimate transmission to a customer endpoint. In other examples, a tunnel aggregator device may be deployed in proximity to other provider network resources, such as a provider edge router.

Abstract: Systems and methods for improved intelligent manipulation of distributed-denial-of-service (DDoS) attack traffic are provided. In implementations, a method may include receiving, at a traffic management system, a mirrored first stream of packets from a router on a first link and a mirrored second stream of packets from the router on a second link. The method may further include determining flow information about the first stream. In examples, the flow information may indicate that a challenge to a particular source IP address has been issued to test the legitimacy of the source IP address. The method may further include sending, by the traffic management system, a routing policy update based on the flow information.

Abstract: Systems and methods are provided for distributing a domain name service (DNS) response cache in a DNS resolving system on a network.

Abstract: Systems and methods for dynamically mitigating a DDOS attack. In an aspect, the technology relates to a computer-implemented method for dynamically mitigating a distributed-denial-of-service (DDOS) attack. The computer-implemented method may include detecting a DDOS attack directing malicious traffic to a target, identifying one or more source locations of the malicious traffic, and in response to detecting the DDOS attack, activating one or more scrub clusters in the identified one or more source locations of the malicious traffic. The method may further include directing traffic intended for the target to the to the activated one or more scrub clusters, detecting an end of the DDOS attack, and in response to detecting the end of the DDOS attack, deactivating the one or more scrub clusters to release hardware resources.

Abstract: Systems and methods are provided for distributing a domain name service (DNS) response cache in a DNS resolving system on a network. The systems and methods described herein may improve response times for client queries and also protect the DNS resolving system from DNS related cyber attacks.

Abstract: Systems and methods for dynamically mitigating a DDOS attack. In an aspect, the technology relates to a computer-implemented method for dynamically mitigating a distributed-denial-of-service (DDOS) attack. The computer-implemented method may include detecting a DDOS attack directing malicious traffic to a target, identifying one or more source locations of the malicious traffic, and in response to detecting the DDOS attack, activating one or more scrub clusters in the identified one or more source locations of the malicious traffic. The method may further include directing traffic intended for the target to the to the activated one or more scrub clusters, detecting an end of the DDOS attack, and in response to detecting the end of the DDOS attack, deactivating the one or more scrub clusters to release hardware resources.

Abstract: FlowSpec is a mechanism for distributing rules to routers in a network. Such rules may be used, for example, to drop traffic associated with a distributed denial of service attack. However, a malformed or incorrect FlowSpec announcement may, if distributed in the network, cause legitimate traffic to be dropped, degrading the service experienced by legitimate users. As such, systems and methods for avoiding the distribution of malformed FlowSpec announcements are provided.

Abstract: Systems and methods are provided for distributing a domain name service (DNS) response cache in a DNS resolving system on a network.

Abstract: Systems and methods are provided for distributing a domain name service (DNS) response cache in a DNS resolving system on a network. The systems and methods described herein may improve response times for client queries and also protect the DNS resolving system from DNS related cyber attacks.

Abstract: Systems and methods are provided for distributing a domain name service (DNS) response cache in a DNS resolving system on a network.

Abstract: Systems and methods for improved DDoS mitigation by utilizing lightweight and tuned mitigation techniques are provided. A lightweight, tuned DDoS system provides protection from DDoS attacks by hosting a container hypervisor on a server that is isolated from other server processes. The container hypervisor may include protection containers and forensic containers. Traffic received at the server is directed through the protection containers to filter out malicious traffic prior to valid traffic being sent to other system processes. The protection containers may be specifically tuned to the service provided by the server. Additionally, malicious traffic may be directed from the protection containers to the forensics containers for extraction of forensic information to be directed to external threat intelligence systems for analysis.

Abstract: Systems and methods for dynamically mitigating a DDOS attack. In an aspect, the technology relates to a computer-implemented method for dynamically mitigating a distributed-denial-of-service (DDOS) attack. The computer-implemented method may include detecting a DDOS attack directing malicious traffic to a target, identifying one or more source locations of the malicious traffic, and in response to detecting the DDOS attack, activating one or more scrub clusters in the identified one or more source locations of the malicious traffic. The method may further include directing traffic intended for the target to the to the activated one or more scrub clusters, detecting an end of the DDOS attack, and in response to detecting the end of the DDOS attack, deactivating the one or more scrub clusters to release hardware resources.