Patent · US Expired

Secret hashing for TCP SYN/FIN correspondence

US7284272B2 · kind B2 · utility

38Cited by

7References

15Claims

0Family size

Assignee

Alcatel Canada Inc. · CA

Inventors

Brett Howard · Ottawa, CA
Jean-Marc Robert · Ottawa, CA
Paul Kierstead · Ottawa, CA
Scott D'Souza · Ottawa, CA

Key dates

Filing date	May 31, 2002
Grant date	Oct 16, 2007
Priority date	—
Expiry date	Jul 12, 2024

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/1458
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Methods of preventing flooding-type denial-of-service attacks in a computer-based network are described. Connection establishing messages known as SYN packets are matched with connection terminating messages (FIN packets) by using a hash algorithm. The hash algorithm or message digest uses source and destination IP addresses, port numbers, and a secret key as input parameters. The SYN packets and FIN packets are mapped to buckets using the hash algorithm and statistics are maintained for each bucket. A correspondence between SYN packets and FIN packets is maintained to close a security hole.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.