The Internet is a global public network of interconnected computer networks that utilize a standard set of communication and configuration protocols. It consists of many private, public, business, school, and government networks. Within each of the different networks are numerous host devices such as workstations, servers, cellular phones, portable computer devices, to name a few examples. These host devices are able to connect to devices within their own network or to other devices within different networks through communication devices such as hubs, switches, routers, and firewalls, to list a few examples.
The growing problems associated with security exploits within the architecture of the Internet are of significant concern to network providers. Networks and network devices are increasingly affected by the damage caused by Denial of Service (“DoS”) attacks. A DoS attack is defined as an action taken upon a computer network or system by an offensive external device that prevents any part of the network from functioning in accordance with its intended purpose. This attack may cause a loss of service to the users of the network and its network devices. For example, the loss of network services may be achieved by flooding the system so that it can no longer service legitimate requests. The flooding may consume all of the available bandwidth of the targeted network, or it may exhaust the computational resources of the targeted system.
A Distributed Denial of Service (“DDoS”) attack is a more aggressive action that involves multiple offensive devices performing an attack on a single target computer network or system. This attack may be performed in a coordinated manner by these multiple external devices to attack a specific resource of a service provider network. The targeted resource can be any networking device such as routers, Internet servers, electronic mail servers, Domain Name System (“DNS”) servers, etc. Examples of a DDoS attack include (but are not limited to): large quantities of raw traffic designed to overwhelm a resource or infrastructure; application-specific traffic designed to overwhelm a particular service; traffic formatted to disrupt a host from normal processing; traffic reflected and/or amplified through legitimate hosts; traffic originating from compromised sources or from spoofed IP addresses; and pulsed attacks (which start and stop repeatedly). Further, it is to be understood that DDoS attacks are typically categorized as: TCP Stack Flood Attacks (e.g., flooding a certain aspect of the TCP connection process to keep the host from being able to respond to legitimate connections; the flood may also be spoofed); Generic Flood Attacks (e.g., a flood of traffic for one or more protocols or ports, which may be designed to appear like normal traffic and which may also be spoofed); Fragmentation Attacks (e.g., a flood of TCP or UDP fragments sent to a victim to overwhelm the victim's ability to re-assemble data streams, thus severely reducing performance); Application Attacks (e.g., attacks designed to overwhelm components of specific applications); Connection Attacks (e.g., attacks that maintain a large number of either half-open TCP connections or fully open idle connections); and Vulnerability Exploit Attacks (e.g., attacks designed to exploit a vulnerability in a victim's operating system).
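As an added, defender-side illustration that is not part of the original text, the following Python snippet applies the taxonomy above to constructed packet summaries and flags, per source address, the half-open TCP floods, fragment floods and generic floods the text describes. The sample addresses, packet counts and thresholds are illustrative assumptions.

```python
from collections import defaultdict

def pkt(src, proto, flags="", fragment=False):
    """One constructed packet summary: source IP, L4 protocol, TCP flag letters, IP-fragment bit."""
    return {"src": src, "proto": proto, "flags": flags, "fragment": fragment}

# Constructed sample traffic (illustrative, not captured data).
SAMPLE_PACKETS = (
    [pkt("10.0.0.5", "tcp", "S") for _ in range(40)]             # SYNs never acknowledged: half-open connections
    + [pkt("10.0.0.9", "udp", fragment=True) for _ in range(30)]  # fragments that never reassemble
    + [pkt("10.0.0.3", "udp") for _ in range(50)]                 # high-rate but otherwise normal-looking UDP
    + [pkt("10.0.0.7", "tcp", "S"), pkt("10.0.0.7", "tcp", "A"), pkt("10.0.0.7", "tcp", "PA")]  # legitimate client
)

def classify_sources(packets, half_open_limit=20, frag_limit=20, flood_limit=45):
    """Map each source address to one of the categories named in the text.

    Thresholds are assumptions chosen for the sample, not values from the page.
    A SYN flood (TCP stack flood) and a slow connection-exhaustion attack both
    appear here as unacknowledged SYNs; separating them needs timing data.
    """
    syn, ack, frags, total = (defaultdict(int) for _ in range(4))
    for p in packets:
        src = p["src"]
        total[src] += 1
        if p["fragment"]:
            frags[src] += 1              # non-first fragments carry no L4 header
        elif p["proto"] == "tcp":
            if "S" in p["flags"] and "A" not in p["flags"]:
                syn[src] += 1            # client-initiated SYN
            elif "A" in p["flags"]:
                ack[src] += 1            # handshake completion or data ACK
    verdicts = {}
    for src in total:
        half_open = syn[src] - min(syn[src], ack[src])
        if half_open >= half_open_limit:
            verdicts[src] = "half-open TCP flood"
        elif frags[src] >= frag_limit:
            verdicts[src] = "fragmentation attack"
        elif total[src] >= flood_limit:
            verdicts[src] = "generic flood"
        else:
            verdicts[src] = "normal"
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(SAMPLE_PACKETS).items()):
        print(src, verdict)
```

Application-layer and vulnerability-exploit attacks from the same taxonomy are not visible at this packet-summary level and would need per-service inspection.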
In view of the above, it is thus advantageous to provide redundancy of external server functionality in the event an Internet-coupled “cloud” signaling server goes down. Currently, there are primarily two known solutions for providing client/server redundancy. It is to be appreciated that with regard to both solutions, the client device must have knowledge regarding the redundant server which is to become the current primary server, which has proven disadvantageous for at least the following reasons. The first known solution provides a failover to a redundant server at the time of failure, whereby the client device determines that communication with the primary server is down and then initiates a connection with one of the redundant servers. However, an associated disadvantage is that the client must be able to perform a handshake with the new primary server, which may not be possible if the client is subject to a denial of service attack. The second solution provides a failover approach similar to the first solution, except that encryption keys are propagated from the primary server to the associated redundant servers. In accordance with this second redundancy solution, the client still needs to determine that communication with the primary server is down before it can start sending heartbeat protocol signals to the redundant server to establish communication therewith, which again may not be feasible when the client device is subject to a denial of service attack.
The architecture of the Internet makes networks and network devices vulnerable to the growing problem of denial of service (e.g., DDoS) attacks. Therefore, the ability to avoid or mitigate the damage of a DDoS attack, while avoiding the blocking of valid hosts and while preserving viable data storage redundancy, is advantageous to devices located in a protected network.