1. Field of the Invention
The present invention generally relates to the field of internet traffic and, more particularly, to a system and method for controlling internet traffic to mitigate effects of malicious traffic, including distributed denial of service (DDOS) attacks and email bombing attacks, a particular type of DDOS attack.
2. Description of the Related Art
Computers connected via a network, such as the Internet, are identified by a unique identifier. For most computers, which use the Transmission Control Protocol/Internet Protocol (TCP/IP), this unique identifier is called an internet protocol address, or IP address. IP addresses can be static or, more commonly, dynamic.
Generally, a first computer on a network can attempt to access a second computer on the same network directly, via the second computer's IP address. More commonly, the user of a first computer will only know the “name” of the intended destination, not the IP address of the destination. Using the Domain Name System, or DNS, the user of the first computer can access the destination without knowledge of the destination's IP address.
The DNS uses a process called DNS name resolution to find a specific IP address, given a particular domain name. For example, if a user was attempting to access the domain example.com, the user would enter the name into a web browser's address bar, and the DNS would resolve the IP address for that domain.
The DNS has a hierarchical structure and utilizes a large number of DNS servers that store records for a given domain name and respond with answers to queries, such as asking for the IP address for a given domain name.
An authoritative DNS server is a DNS server that gives answers in response to queries for a particular DNS zone. Every domain name appears in a zone that is served by at least one authoritative name server.
If a particular DNS server cannot answer a query, it may query other DNS servers that are higher up in the hierarchy by performing a reverse look-up. The number of DNS servers has grown as use of the Internet has expanded.
Many devices have been developed to protect servers and networks from malicious attacks coming from the Internet. Typically, these devices fall into the category of firewalls and specialized routers. Generally, a firewall is any security system that controls network traffic by applying a set of rules. Essentially, a firewall is a barrier between a secure network and another, unsecure network (i.e., the Internet).
Internet traffic can also be regulated using white lists, black lists, and/or grey lists to manage a set of allowed or denied users. For example, U.S. Pat. No. 7,849,502 and U.S. Patent Application Publication Nos. 2012/0079592 and 2008/0168558 describe the creation, management, and use of various types of white, black, and grey lists.
Each and every reference cited herein is hereby incorporated by reference in its entirety, where appropriate, for teachings of additional or alternative details, features, and/or technical background.