Method for protecting a firewall load balancer from a denial of service attack

Assignee

• Cisco Technology, Inc. · US

Inventors

• Chris O'Rourke · Apex, US
• Gaurang Shah · Cary, US
• Louis F. Menditto · Raleigh, US
• Mark Albert · Cary, US
• Michael Sutton · Roseville, US
• Pranav Kumar Tiwari · Raleigh, US
• Robert Batz · Raleigh, US
• Richard Landry Gray · Saratoga, US
• Sean W. Hull · Raleigh, US
• Tzu-Ming Tsang · Chapel Hill, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L67/1001
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method for protecting firewall load balancers from a denial of service attack is provided. Packets are received by the firewall load balancer. Each packet has a source and a destination. The firewall load balancer is equipped with a connection database that can contain entries about the packets. Upon receipt of a packet, the connection database is queried to determine whether or not there is an entry for the received packet. If an entry is found in the database, the packet is forwarded to its destination. Otherwise, if the packet was received from a firewall, then a new connection entry for the packet is built and is saved to the connection database and the packet is forwarded on to its destination. If the packet does not have an entry (match) in the connection database and the packet was not received from a firewall, then the packet is forwarded to a firewall.