Patent · US Expired

Preventing network reset denial of service attacks using embedded authentication information

US7472416B2 · kind B2 · utility

Cited by: 8
References: 6
Claims: 25
Family size: 0

Assignee

Inventors

Key dates

Filing date: May 6, 2004
Grant date: Dec 30, 2008
Priority date:
Expiry date: Jun 18, 2025

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1466
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Approaches for preventing TCP RST attacks intended to cause denial of service in packet-switched networks are disclosed. In one approach, upon receiving a TCP RST packet, an endpoint node determines whether the TCP segment contains valid authentication information. The TCP RST segment is accepted and the TCP connection is closed only when the authentication information is valid. The authentication information may comprise a reset type value together with either the initial sequence numbers of both endpoints, or a copy of a TCP header and option values previously sent by the endpoint node that is performing the authentication. Attacks are thwarted because an attacker cannot know, or reasonably guess, the required authentication information.
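The following Python model illustrates the acceptance rule the abstract describes; it is an added example, not code from the patent or its claims. The abstract does not specify an encoding, so the layout assumed here (a one-byte reset type followed by the two 32-bit initial sequence numbers, or by a length-prefixed copy of the last header the validating endpoint sent), the reset-type codes, and all connection and header values are constructed for illustration. The model keeps the classic in-window check alongside the new authentication check so that the difference is visible: a guessed in-window sequence number passes the old test but is dropped by the new one.

```python
"""Model of TCP RST acceptance with embedded authentication information.

All constants, encodings and sample values below are constructed for this
example; the patent abstract only states that a reset type value plus either
both endpoints' ISNs or an echoed header are used as authentication data.
"""
import hmac
import struct
from dataclasses import dataclass

# Reset-type values (constructed; the abstract does not assign numbers).
RESET_TYPE_ISN = 1    # payload: ISN of the RST sender, then ISN of the receiver
RESET_TYPE_ECHO = 2   # payload: copy of header+options the receiver sent earlier


@dataclass
class Connection:
    local_isn: int                  # ISN this endpoint chose in its SYN
    remote_isn: int                 # ISN the peer chose in its SYN
    rcv_nxt: int                    # next sequence number expected from the peer
    rcv_wnd: int = 65535            # advertised receive window
    last_sent_header: bytes = b""   # copy of the header+options most recently sent
    state: str = "ESTABLISHED"


def build_isn_auth(sender_isn: int, receiver_isn: int) -> bytes:
    """Authentication blob for the ISN variant, as the RST sender would build it."""
    return struct.pack("!BII", RESET_TYPE_ISN, sender_isn, receiver_isn)


def build_echo_auth(header_copy: bytes) -> bytes:
    """Authentication blob for the echo variant: type, length, then the echoed bytes."""
    return struct.pack("!BH", RESET_TYPE_ECHO, len(header_copy)) + header_copy


def in_window(conn: Connection, seq: int) -> bool:
    """Classic RST acceptance test (sequence number inside the receive window).

    Sequence-number wraparound is ignored to keep the model short."""
    return conn.rcv_nxt <= seq < conn.rcv_nxt + conn.rcv_wnd


def rst_authentic(conn: Connection, auth: bytes) -> bool:
    """True only if the RST's authentication data matches our connection state.

    The expected blob is rebuilt from local state and compared in constant time,
    so a mismatched length or a single wrong byte both yield False."""
    if not auth:
        return False
    rtype = auth[0]
    if rtype == RESET_TYPE_ISN:
        # A RST from the peer must carry (peer's ISN, our ISN).
        expected = build_isn_auth(conn.remote_isn, conn.local_isn)
    elif rtype == RESET_TYPE_ECHO:
        if not conn.last_sent_header:
            return False        # nothing sent yet, so nothing can be echoed
        expected = build_echo_auth(conn.last_sent_header)
    else:
        return False            # unknown reset type
    return hmac.compare_digest(expected, auth)


def process_rst(conn: Connection, seq: int, auth: bytes = b"") -> str:
    """Handle an incoming RST; returns 'closed' or 'dropped' and updates conn.state."""
    if conn.state == "CLOSED":
        return "dropped"
    if not in_window(conn, seq):
        return "dropped"        # classic check, defeated by guessing within the window
    if not rst_authentic(conn, auth):
        return "dropped"        # new check: the sender must know the auth information
    conn.state = "CLOSED"
    return "closed"


def demo() -> dict:
    """Run constructed scenarios and return their outcomes keyed by name."""
    header = bytes.fromhex("0050c350" "11111112" "2222338a" "50180400" "00000000")  # constructed
    results = {}

    conn = Connection(local_isn=0x11111111, remote_isn=0x22222222,
                      rcv_nxt=0x22222222 + 5000, last_sent_header=header)
    guessed_seq = conn.rcv_nxt + 100          # in-window guess, no ISN knowledge
    results["guess_passes_window_check"] = in_window(conn, guessed_seq)
    results["spoof_no_auth"] = process_rst(conn, guessed_seq)
    results["spoof_wrong_isn"] = process_rst(conn, guessed_seq,
                                             build_isn_auth(0x22222222, 0xDEADBEEF))
    results["peer_isn"] = process_rst(conn, conn.rcv_nxt,
                                      build_isn_auth(0x22222222, 0x11111111))

    conn2 = Connection(local_isn=0x33333333, remote_isn=0x44444444,
                       rcv_nxt=0x44444444 + 1, last_sent_header=header)
    results["spoof_wrong_echo"] = process_rst(conn2, conn2.rcv_nxt, build_echo_auth(header[:-1]))
    results["peer_echo"] = process_rst(conn2, conn2.rcv_nxt, build_echo_auth(header))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point of `guess_passes_window_check` is that the spoofed segment is exactly the kind the classic rule accepts; only the authentication step turns it into a drop. In a real stack the same decision would sit in the RST branch of segment processing, and a dropped RST with a sequence number inside the window is itself a useful signal to count and alert on.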

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.