Patent · US · Expired

Preventing network reset denial of service attacks

US7203961B1 · kind B1 · utility

Cited by: 7
References: 0
Claims: 28
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jan 9, 2004
Grant date: Apr 10, 2007
Priority date
Expiry date: Dec 10, 2024

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L1/16
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Approaches for preventing TCP RST attacks and TCP SYN attacks in packet-switched networks are disclosed. In one approach, upon receiving a TCP RST packet, a first endpoint node challenges the second endpoint node in the then-current connection using an acknowledgement message. If the connection is genuinely closed, the second endpoint node responds with a RST packet carrying an expected next sequence value. The first endpoint node takes no action if no RST packet is received. Thus, attacks are thwarted because an attacker does not receive the acknowledgment message and therefore cannot provide the exact expected next sequence value.
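
The RST challenge described in the abstract can be followed in a small model of the two endpoints. This is an added example, not code from the patent or its assignee; the class names, the `challenged` flag, the sample sequence numbers and the omission of 32-bit sequence wraparound are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass
class Segment:
    flags: str          # "RST" or "ACK"
    seq: int = 0
    ack: int = 0

class Peer:
    """Second endpoint: the genuine remote end of the connection."""
    def __init__(self, connection_open):
        self.connection_open = connection_open

    def receive(self, seg):
        # A host holding no state for the connection answers an ACK with a
        # RST whose sequence number is the ACK's ack field (RFC 793).
        if seg.flags == "ACK" and not self.connection_open:
            return Segment("RST", seq=seg.ack)
        return None     # connection still alive: no RST comes back

class FirstEndpoint:
    """First endpoint: challenges a RST instead of acting on it."""
    def __init__(self, rcv_nxt):
        self.rcv_nxt = rcv_nxt          # expected next sequence value
        self.state = "ESTABLISHED"
        self.challenged = False         # assumed flag: a challenge is pending

    def receive_rst(self, seg):
        """Handle a RST; return the challenge ACK to send, or None."""
        if self.challenged and seg.seq == self.rcv_nxt:
            self.state = "CLOSED"       # peer confirmed with the exact value
            return None
        self.challenged = True
        return Segment("ACK", ack=self.rcv_nxt)

def run(peer_open, rst_seq, rcv_nxt=5000):
    """Deliver one RST (constructed values) and play out the challenge."""
    first, peer = FirstEndpoint(rcv_nxt), Peer(peer_open)
    challenge = first.receive_rst(Segment("RST", seq=rst_seq))
    # The ACK is routed to the genuine peer's address, so a sender that
    # spoofed that address from elsewhere never sees it.
    reply = peer.receive(challenge)
    if reply is not None:
        first.receive_rst(reply)
    return first.state
```

With the peer still holding the connection, a RST is answered only by the challenge and the first endpoint stays ESTABLISHED; with the peer genuinely closed, the returned RST carries the expected value and the connection is torn down.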

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.