Method and apparatus for protecting electronic commerce sites from distributed denial-of-service attacks

摘要

An Internet Service Provider (ISP), in consideration of being remunerated in some manner by an e-merchant, carries the packets of a designated subset of that e-merchant's clients, designated as VIPs, in a privileged class of service as compared to an unprivileged class of service that is used to carry the packets of the e-merchant's other regular clients. In this way, the adverse effects on performance due to congestion in the unprivileged class of service, whether due to an ongoing denial-of-service attack or not, will not affect the performance of packets sent by and to VIPs using the privileged class of service. An e-merchant may select its VIPs from among those clients that bring in a majority of the e-merchant's revenues. Ar e-merchant turns a regular client into a VIP by granting it a VIP right. VIP gates, preferable implemented in an ISP's access gateways, monitor the packets sent by clients and mark for the privileged class of service those packets whose source has an active VIP right issued by the packet's destination.