	US 12,341,809 B2
	Defending against volumetric attacks
Clifford Kahn, Santa Clara, CA (US); Jian Liu, Fremont, CA (US); Victor Pavlov, Palo Alto, CA (US); Srinivas Kavuri, San Jose, CA (US); and John A. Chanak, Saratoga, CA (US)
Assigned to Zscaler, Inc., San Jose, CA (US)
Filed by Zscaler, Inc., San Jose, CA (US)
Filed on Nov. 16, 2022, as Appl. No. 17/988,128.
Prior Publication US 2024/0163308 A1, May 16, 2024
Int. Cl. H04L 9/40 (2022.01)

CPC H04L 63/1458 (2013.01) [H04L 63/08 (2013.01)]

17 Claims

1. A non-transitory computer-readable medium comprising instructions that, when executed, cause one or more processors to perform steps of:

monitoring flows and a rate of requests to a Data Center (DC);

receiving a request from an address to the DC, the request being for a service in a cloud-based system;

determining if the address has been successfully authenticated within a past predetermined time period;

responsive to the address not having been successfully authenticated within the past time period, and one of (i) the rate of requests being above a first threshold or (ii) the number of flows being above a second threshold, placing the address in a penalty box for a predetermined amount of time; and

blocking requests from the address in the penalty box for the predetermined amount of time,

wherein the steps are performed only during a volumetric attack.