This disclosure describes techniques for employing a reusable acknowledgment in communications among network devices. The techniques include generating a reusable negative acknowledgment (NACK) in response to a request for data that are unavailable. The reusable NACK may be sent as a response for at least some additional requests for unavailable data, rather than generating a new NACK for each request. As such, the reusable NACK may help decrease the computational load for a network device. In some cases, the use of a reusable NACK may help lessen the impacts of denial-of-service type attacks across a network.

A computer method and system to determine one or more sub-groups of protected network servers for receiving common network filter settings for mitigating Denial of Services (Dos) attacks. Network traffic associated with the plurality of network servers is captured and collated for each of the plurality of network servers. The collated network traffic is then analyzed to determine a profile of one or more network services provided by each of the plurality of network servers. Each of the plurality of network servers is then tagged with one or more network services determined provided by each network server based upon analysis of the collated network traffic. Metadata is then determined from the collated network traffic that is associated with each of the plurality of network servers. A determination of sub-group clustering is made of one or more of the plurality of network servers contingent upon the one or more determined network service tags and the determined meta data associated with each of the plurality of network servers. Common DoS mitigation actions may then be prescribed for each of the determined sub-group clusters of network servers.

An apparatus may comprise a processing resource operatively coupled to a memory resource and a frame determination component operatively coupled to the processing resource and the memory resource. The frame determination component may cause a counter corresponding to a particular station associated to the apparatus to be stored in the memory resource, the counter to be incremented in response to receipt of a transmission frame containing an invalid starting sequence number (SEN) and a deauthentication frame to be transmitted in response to receipt of a threshold number of transmission frames containing the invalid.

A handling apparatus (14a) handles a server attack taking place on a network (1Na) or handles a server attack as requested by a security system provided on another network. In accordance with a determination that it is not possible to handle the server attack by the handling apparatus (14a), the control determination apparatus (12a) makes a request to another security system (1Sb) capable of handling the server attack to handle the server attack. A centralized control apparatus (11) determines whether the server attack taking place on the network (1Na) can be handled on another network.

A forwarding method is applied to a constrained node and includes: receiving authentication information; determining whether the authentication information is received for the first time; and if the authentication information is received not for the first time, forwarding the authentication information; or if the authentication information is received for the first time, determining whether the authentication information is valid authentication information, and if the authentication information is not valid authentication information, discarding the authentication information, or if the authentication information is valid authentication information, verifying the valid authentication information, and forwarding the valid authentication information after the verification succeeds.

Embodiments of the present application disclose a forwarding method, a forwarding apparatus, and a forwarder for authentication information in the Internet of Things. The method is applied to a constrained node and includes: receiving authentication information; determining whether the authentication information is received for the first time; and if the authentication information is received not for the first time, forwarding the authentication information; or if the authentication information is received for the first time, determining whether the authentication information is valid authentication information, and if the authentication information is not valid authentication information, discarding the authentication information, or if the authentication information is valid authentication information, verifying the valid authentication information, and forwarding the valid authentication information after the verification succeeds. The embodiments of the present application can reduce resources of the constrained node, and improve performance of the Internet of Things.

A method for reducing unwanted data traffic in a computer network due to a Distributed Reflection Denial of Service (DRDoS) attack. The method comprises operating a filtering module in a normal mode or a blocking mode to allow or block requests from being communicated within a computer network in response to data from a honeypot device in the computer network. The method allows the honeypot device to continue to monitor further attack requests that are received during the DRDoS attack.

Embodiments of the present disclosure disclose a method for defending against a User Datagram Protocol (UDP) attack and a defense device. The method is implemented by a defense device, the defense device comprising a memory, a processor, and a bus system. The method comprising: detecting, by the defense device, whether a target host is attacked by a UDP attack from an attack device; obtaining, by the defense device, an Internet Control Message Protocol (ICMP) data packet sent back by the target host to the attack device, in response to the target host being attacked by the attack device; extracting, by the defense device, information about target ports in the ICMP data packet; and performing, by the defense device according to the information about the target ports, interception processing on UDP data packets sent by the attack device to the target ports.

The attack vectors for some denial-of-service cyber attacks on the Internet's Domain Name System (DNS) are bad, bogus, or unregistered domain name DNS requests to resolve domain names that are not registered in the DNS. Some other cyber attacks steal sensitive data by encoding the data in bogus domain names, or domain names otherwise not registered in the DNS, that are transferred across networks in bogus DNS requests. A DNS gatekeeper may filter in-transit packets containing DNS requests and may efficiently determine if a request's domain name is registered in the DNS. When the domain name is not registered in the DNS, the DNS gatekeeper may take one of a plurality of protective actions. The DNS gatekeeper drops requests determined not to be legitimate, which may prevent an attack.

Implementations of the present disclosure involve a system and/or method for identifying and mitigating malicious network threats. Network data associated is retrieved from various sources across a network and analyzed to identify a malicious network threat. When a threat is found, the system performs a mitigating action to neutralize the malicious network threat