Mobile nodes may access data networks by connecting to an access device. A secure tunnel within Internet Protocol (IP) is established to communicate with the mobile node. Before establishing the secure tunnel, the mobile node is authenticated through an authentication, authorization, and accounting (AAA) domain to a home location register (HLR). The HLR is a central database that includes details of each mobile node and subscriber that is authorized to use the network.
When a malicious attack is detected from the mobile node, the access device may terminate the session with the mobile node. In this case, the secure tunnel may be brought down. This disconnects the mobile node from the network. However, the mobile node can immediately attempt to reconnect to the network. This may occur because the mobile node is acting maliciously or may be inadvertent due to a virus. The mobile node may be authenticated again by the HLR through the AAA domain. Allowing a potentially malicious mobile node to reconnect to the network is not desirable. This exposes the HLR to a potential Denial of Service (DoS) attack as a malicious device/application, such as a virus or worm, continues to cause multiple queries to the HLR. The HLR is one of the most valuable nodes in a network. One reason is because the HLR maintains the subscriber's personal information. Allowing requests to contact the HLR exposes the HLR to potential DoS attacks. Also, requests to the HLR are expensive to process and thus having malicious requests contact the HLR may cause unnecessary expenses to be incurred for a service provider.