H04L2463/142

System, method, and computer program for utilizing a decoy in response to a distributed denial of service (DDOS) attack in a communication network

A system, method, and computer program product are provided that utilize a decoy in response to a distributed denial of service attack in a communication network. In use, a distributed denial of service (DDoS) attack directed at one or more resources of a communication network is detected. Additionally, at least one first communication channel associated with the communication network that is subject to the DDoS attack is identified. Further, at least one second communication channel to implement functionality of the at least one first communication channel is initiated, while maintaining the at least one first communication channel subject to the DDoS attack to use as a decoy for the DDoS attack. Moreover, the at least one second communication channel is utilized to implement the functionality of the at least one first communication channel while the at least one first communication channel subject to the DDoS attack is used as the decoy for the DDoS attack.

System and a method for identifying malware network activity using a decoy environment

A system for gathering information about malware and a method of use therefor, the system comprising a working environment including physical working environment servers, physical working environment endpoints, a working environment network, a switch, and a router directing traffic between said working environment network and an external network, a decoy environment including at least one physical machine, a decoy environment server, a decoy environment endpoint, a decoy environment network and a decoy environment router, a file directing mechanism directing at least some files to the decoy environment, and a threat tracking mechanism tracking and observing actions triggered by the files in the decoy environment.

Method of distributed denial of service (DDos) and hacking protection for internet-based servers using a private network of internet servers by executing computer-executable instructions stored on a non-transitory computer-readable medium

A method of DDoS and hacking protection for internet-based servers using a private network of internet servers utilizes multiple data streams sent over a network of proxy servers to mitigate malicious attacks and ensure fast connections from a user to a destination server. The destination server is hidden from the user and the redundancy of the proxy network serves to maintain security and connection quality between the user and the destination server.

SYSTEM AND METHOD FOR SCALED MANAGEMENT OF THREAT DATA
20180124099 · 2018-05-03

A method, system, and computer-implemented method to manage threats to a network is provided. The method includes receiving volume threat data that indicates a volume of threat data that needs to be managed by a threat management system having a plurality of threat management devices, determining a volume range from a plurality of volume ranges to which the received volume threat data belongs, determining a number of threat management devices of the plurality of threat management devices needed to manage threat traffic associated with the determined volume range, and determining whether the number of threat management devices needed is different from the number of threat management devices currently being used to manage threat traffic. The method further includes automatically selecting threat management devices of the plurality of threat management devices to manage received threat data, in response to a determination that the number is different and based on the number determined; automatically assigning each packet of the threat traffic to a group, each group corresponding to a threat management device of the selected threat management devices; and automatically directing each packet of the threat traffic to the threat management device that corresponds to the group to which the packet is assigned.

CONNECTION CONTROL APPARATUS, CONNECTION CONTROL METHOD, AND CONNECTION CONTROL PROGRAM

A connection control apparatus is configured such that a connection count calculator calculates a TCP connection count, which is the number of TCP connections established between a server and one or more clients on a network, for each of the servers on the network. The connection control apparatus is further configured such that, when a determiner determines that the calculated count is larger than or equal to a predetermined threshold value, an anomalous connection detector detects an anomalous connection, and a packet controller controls packet transmission and reception over the anomalous connection.

Detecting and mitigating denial of service attacks over home gateway network address translation

Aspects of detecting and mitigating denial of service (DoS) attacks over home gateway network address translation (NAT) are disclosed herein. According to one aspect disclosed herein, a home gateway system can detect that a NAT table is overpopulated. In response to detecting that the NAT table is overpopulated, the home gateway system can determine a mitigation action to be performed. The home gateway system can then perform the mitigation action in an attempt to mitigate an effect of the NAT table overpopulation.

SYSTEMS AND METHODS TO REDIRECT DDOS ATTACK USING REMOTE MITIGATION TOOLS

Distributed denial of service (DDOS) attacks may occur in various networks and may target any of various servers. A DDOS attack on a server in a first autonomous system may be launched from within another autonomous system, or from within the same autonomous system. Some autonomous systems may include threat mitigation systems, whereas other autonomous systems may lack threat mitigation systems. As such, systems and methods to redirect a DDOS attack using remote mitigation tools are provided.

SYSTEMS, APPARATUSES, AND METHODS FOR PLATFORM SECURITY

Embodiments detailed herein describe a system comprising a manageability server to generate an encrypted sideband message having at least one command; and a server including: a radio frequency identification (RFID) device, the RFID device to include storage to store at least one encrypted sideband message having at least one command, and a security circuit coupled to the RFID device, the security circuit to: retrieve at least one encrypted sideband message from the RFID device storage, decrypt the at least one encrypted sideband message, determine validity of the decrypted sideband message using information from the decrypted sideband message, and perform an action in response to the at least one command.

Request routing processing

Generally described, the present disclosure is directed to managing request routing functionality corresponding to resource requests for one or more resources associated with a content provider. The processing of the DNS requests by the service provider can include the selective filtering of DNS queries associated with a DNS query-based attack. A service provider can assign DNS servers corresponding to a distributed set of network addresses, or portions of network addresses, such that DNS queries exceeding a threshold, such as in DNS query-based attacks, can be filtered in a manner that mitigates the performance impact on the content provider or service provider.

Behavioral detection of malware agents
09876806 · 2018-01-23

In an example, a detection engine identifies potential malware objects according to behavior. In order to circumvent blacklists and fingerprint-based detection, a malware server may frequently change domain names, and change the fingerprints of distributed malware agents. A malware agent may perform only an initial DNS lookup, and thereafter communicate with the malware command-and-control server via naked HTTP packets using the raw IP address of the server. The detection engine identifies malware agents by this behavior. In one example, if an executable object makes repeated HTTP requests to an address after the DNS lookup time to live has expired, the object may be flagged as potential malware.