Patent · US Expired

Process to thwart denial of service attacks on the internet

US7251692B1 · kind B1 · utility

Cited by: 8
References: 4
Claims: 7
Family size: 0

Assignee

Inventor

Key dates

Filing date: Sep 28, 2000
Grant date: Jul 31, 2007
Priority date
Expiry date: Sep 16, 2022

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1458
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Denial of service (CSDoS) attacks are managed by a process that diverts a fraction of SYN packets destined to a server S to a web guard processor. The web guard processor acts as a termination point in the connection with the one or more clients from which the packets originated, and upon the establishment of a first TCP connection with a legitimate client, opens a new TCP connection to the server and transfers the data between these two connections. It also monitors the number of timed-out connections. When an attack is in progress, the number of forged attack packets and timed-out connections increases significantly. If this number exceeds a predetermined threshold amount, the web guard processor declares that this server is under attack. The switch then either diverts all traffic (i.e. SYN packets) destined to this server to the web guard processor, or deletes all SYN packets to the server.
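The monitoring logic described in the abstract, sketched as an added example (not code from the patent or its assignee): a sampled share of SYNs is terminated at the guard, handshakes that never complete are counted, and crossing a threshold switches to diverting every SYN. The class and parameter names, the 1-in-N sampling rule, the sliding window and all values are assumptions, and the traffic is constructed.

```python
from collections import deque

class WebGuard:
    """Toy model of the web guard monitor; every name and default is an assumption."""
    def __init__(self, sample_every=4, threshold=5, window=10.0, syn_timeout=3.0):
        self.sample_every = sample_every  # normal mode: switch diverts 1 in N SYNs
        self.threshold = threshold        # timed-out handshakes tolerated per window
        self.window = window              # seconds of timeout history kept
        self.syn_timeout = syn_timeout    # seconds to wait for the client's ACK
        self.pending = {}                 # (src, sport) -> time the guard answered
        self.timeouts = deque()           # times at which handshakes timed out
        self.under_attack = False         # never cleared in this sketch
        self.seen = 0

    def _expire(self, now):
        for key, t0 in list(self.pending.items()):
            if now - t0 >= self.syn_timeout:      # no ACK arrived: likely forged SYN
                del self.pending[key]
                self.timeouts.append(t0 + self.syn_timeout)
        while self.timeouts and now - self.timeouts[0] > self.window:
            self.timeouts.popleft()
        if len(self.timeouts) > self.threshold:
            self.under_attack = True

    def on_syn(self, now, src, sport):
        self._expire(now)
        self.seen += 1
        if self.under_attack or self.seen % self.sample_every == 0:
            self.pending[(src, sport)] = now      # guard terminates the handshake
            return "guard"
        return "server"                           # undiverted SYN goes straight to S

    def on_ack(self, now, src, sport):
        self._expire(now)
        if self.pending.pop((src, sport), None) is not None:
            return "proxy"    # legitimate client: guard opens its own connection to S
        return "ignore"       # handshake was not handled by the guard

def simulate():
    g, routes = WebGuard(), []
    for i in range(8):                            # constructed legitimate clients
        routes.append(g.on_syn(i * 0.1, "192.0.2.%d" % i, 40000))
        g.on_ack(i * 0.1 + 0.05, "192.0.2.%d" % i, 40000)
    for i in range(40):                           # constructed forged SYNs, never ACKed
        routes.append(g.on_syn(1.0 + i * 0.05, "198.51.100.%d" % i, 50000))
    before = g.under_attack
    late = g.on_syn(6.0, "192.0.2.200", 40001)    # arrives after the timeouts fire
    return routes, before, g.under_attack, late, g.on_ack(6.05, "192.0.2.200", 40001)
```

The late client's SYN falls outside the 1-in-N sample, yet it is routed to the guard and proxied because the server has been declared under attack by then.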

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.