Patent · US Active

Preventing network reset denial of service attacks

US7458097B2 · kind B2 · utility

1Cited by

3References

20Claims

0Family size

Assignee

Cisco Technology, Inc. · US

Inventors

Mitesh Dalal · Santa Clara, US
Amol Khare · Sunnyvale, US
Randall Stewart · Chapin, US

Key dates

Filing date	Sep 28, 2006
Grant date	Nov 25, 2008
Priority date	—
Expiry date	Nov 22, 2026

Classification

Technology area (CPC H)Electricity
CPC primaryH04L1/16
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Approaches for preventing TCP RST attacks and TCP SYN attacks in packet-switched networks are disclosed. In one approach, upon receiving a TCP RST packet, a first endpoint node challenges the second endpoint node in the then-current connection using an acknowledgement message. If the connection is genuinely closed, the second endpoint node responds with a RST packet carrying an expected next sequence value. The first endpoint node takes no action if no RST packet is received. Thus, attacks are thwarted because an attacker does not receive the acknowledgment message and therefore cannot provide the exact expected next sequence value.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.