Computer networks transport a large volume of message traffic between users. The network interconnects the users by way of routing devices and physical communication lines. The routing devices switch message traffic between users by address information in the message traffic which conforms to a particular protocol. The message traffic travels in a series of “hops” among the routing devices conversant in the protocol to arrive at the destination, or target node.
In such a computer network, certain activities may cause an influx of an inordinate amount of message traffic to particular target node. Malicious, intentional inundation of messages to a particular target node overwhelm the resources of the target node to process the barrage of incoming message traffic. This so called “denial of service” attack results in the inability of the target node to provide routing service to users due to the consumption of resources by the undesirable incoming message traffic. Such denial of service attack attempts may be made by disgruntled employees, hackers, pranksters, and others for a variety of reasons. Further, such attacks also occur unintentionally due to unfamiliarity or ignorance, for example, an employee erroneously addressing an email to an entire company mailing list with delivery confirmation.
Such conventional computer networks employ a plurality of routing devices. The routing devices include edge routers, which communicate directly with the user nodes, or hosts/servers, and core routers, which communicate with other routing devices in the computer network. Each of the edge routers and core routers (routing devices) has one or more routing tables for routing message traffic according to address information in each of the messages included in the message traffic. The routing devices lookup the address information in the routing tables to determine where to send, or route, the message.
In a conventional computer network, the information in the routing table propagates between the routing devices so that each routing device will know where to forward a particular message for the next “hop.” An edge router nearest a particular host advertises itself as the preferred routing device for that host. Other routers will store information in their routing tables indicating that message traffic for the host is to be sent to the preferred routing device. The edge router serving the host, therefore, becomes the focal point for the denial of service attack on the host.